components/openssl: add X509 verify result errno

components/openssl/include/internal/x509_vfy.h

@@ -0,0 +1,103 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _X509_VFY_H_
+#define _X509_VFY_H_
+
+#define         X509_V_OK                                       0
+#define         X509_V_ERR_UNSPECIFIED                          1
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+#define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+#define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+#define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+#define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+#define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+#define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+#define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+#define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+#define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+#define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+#define         X509_V_ERR_OUT_OF_MEM                           17
+#define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+#define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+#define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+#define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+#define         X509_V_ERR_CERT_REVOKED                         23
+#define         X509_V_ERR_INVALID_CA                           24
+#define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+#define         X509_V_ERR_INVALID_PURPOSE                      26
+#define         X509_V_ERR_CERT_UNTRUSTED                       27
+#define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+#define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+#define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+#define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+#define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+#define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+#define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+#define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+#define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+#define         X509_V_ERR_INVALID_NON_CA                       37
+#define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+#define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+#define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+#define         X509_V_ERR_INVALID_EXTENSION                    41
+#define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
+#define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+#define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+#define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+#define         X509_V_ERR_UNNESTED_RESOURCE                    46
+#define         X509_V_ERR_PERMITTED_VIOLATION                  47
+#define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+#define         X509_V_ERR_SUBTREE_MINMAX                       49
+/* The application is not happy */
+#define         X509_V_ERR_APPLICATION_VERIFICATION             50
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+#define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+#define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
+/* Another issuer check debug option */
+#define         X509_V_ERR_PATH_LOOP                            55
+/* Suite B mode algorithm violation */
+#define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
+#define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
+#define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
+#define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
+#define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+#define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+#define         X509_V_ERR_HOSTNAME_MISMATCH                    62
+#define         X509_V_ERR_EMAIL_MISMATCH                       63
+#define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
+/* DANE TLSA errors */
+#define         X509_V_ERR_DANE_NO_MATCH                        65
+/* security level errors */
+#define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
+#define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
+#define         X509_V_ERR_CA_MD_TOO_WEAK                       68
+/* Caller error */
+#define         X509_V_ERR_INVALID_CALL                         69
+/* Issuer lookup error */
+#define         X509_V_ERR_STORE_LOOKUP                         70
+/* Certificate transparency */
+#define         X509_V_ERR_NO_VALID_SCTS                        71
+
+#define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+
+#endif