1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef _X509_VFY_H_ 16 #define _X509_VFY_H_ 17 18 #ifdef __cplusplus 19 extern "C" { 20 #endif 21 22 #define X509_V_OK 0 23 #define X509_V_ERR_UNSPECIFIED 1 24 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 25 #define X509_V_ERR_UNABLE_TO_GET_CRL 3 26 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 27 #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 28 #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 29 #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 30 #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 31 #define X509_V_ERR_CERT_NOT_YET_VALID 9 32 #define X509_V_ERR_CERT_HAS_EXPIRED 10 33 #define X509_V_ERR_CRL_NOT_YET_VALID 11 34 #define X509_V_ERR_CRL_HAS_EXPIRED 12 35 #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 36 #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 37 #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 38 #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 39 #define X509_V_ERR_OUT_OF_MEM 17 40 #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 41 #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 42 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 43 #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 44 #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 45 #define X509_V_ERR_CERT_REVOKED 23 46 #define X509_V_ERR_INVALID_CA 24 47 #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 48 #define X509_V_ERR_INVALID_PURPOSE 26 49 #define X509_V_ERR_CERT_UNTRUSTED 27 50 #define X509_V_ERR_CERT_REJECTED 28 51 /* These are 'informational' when looking for issuer cert */ 52 #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 53 #define X509_V_ERR_AKID_SKID_MISMATCH 30 54 #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 55 #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 56 #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 57 #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 58 #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 59 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 60 #define X509_V_ERR_INVALID_NON_CA 37 61 #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 62 #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 63 #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 64 #define X509_V_ERR_INVALID_EXTENSION 41 65 #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 66 #define X509_V_ERR_NO_EXPLICIT_POLICY 43 67 #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 68 #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 69 #define X509_V_ERR_UNNESTED_RESOURCE 46 70 #define X509_V_ERR_PERMITTED_VIOLATION 47 71 #define X509_V_ERR_EXCLUDED_VIOLATION 48 72 #define X509_V_ERR_SUBTREE_MINMAX 49 73 /* The application is not happy */ 74 #define X509_V_ERR_APPLICATION_VERIFICATION 50 75 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 76 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 77 #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 78 #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 79 /* Another issuer check debug option */ 80 #define X509_V_ERR_PATH_LOOP 55 81 /* Suite B mode algorithm violation */ 82 #define X509_V_ERR_SUITE_B_INVALID_VERSION 56 83 #define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 84 #define X509_V_ERR_SUITE_B_INVALID_CURVE 58 85 #define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 86 #define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 87 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 88 /* Host, email and IP check errors */ 89 #define X509_V_ERR_HOSTNAME_MISMATCH 62 90 #define X509_V_ERR_EMAIL_MISMATCH 63 91 #define X509_V_ERR_IP_ADDRESS_MISMATCH 64 92 /* DANE TLSA errors */ 93 #define X509_V_ERR_DANE_NO_MATCH 65 94 /* security level errors */ 95 #define X509_V_ERR_EE_KEY_TOO_SMALL 66 96 #define X509_V_ERR_CA_KEY_TOO_SMALL 67 97 #define X509_V_ERR_CA_MD_TOO_WEAK 68 98 /* Caller error */ 99 #define X509_V_ERR_INVALID_CALL 69 100 /* Issuer lookup error */ 101 #define X509_V_ERR_STORE_LOOKUP 70 102 /* Certificate transparency */ 103 #define X509_V_ERR_NO_VALID_SCTS 71 104 105 #define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 106 107 #ifdef __cplusplus 108 } 109 #endif 110 111 #endif 112