1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file intentionally does not have header guards, it's included 6 // inside a macro to generate enum. 7 8 // This file contains the list of network errors. 9 10 // 11 // Ranges: 12 // 0- 99 System related errors 13 // 100-199 Connection related errors 14 // 200-299 Certificate errors 15 // 300-399 HTTP errors 16 // 400-499 Cache errors 17 // 500-599 ? 18 // 600-699 FTP errors 19 // 700-799 Certificate manager errors 20 // 21 22 // An asynchronous IO operation is not yet complete. This usually does not 23 // indicate a fatal error. Typically this error will be generated as a 24 // notification to wait for some external notification that the IO operation 25 // finally completed. 26 NET_ERROR(IO_PENDING, -1) 27 28 // A generic failure occurred. 29 NET_ERROR(FAILED, -2) 30 31 // An operation was aborted (due to user action). 32 NET_ERROR(ABORTED, -3) 33 34 // An argument to the function is incorrect. 35 NET_ERROR(INVALID_ARGUMENT, -4) 36 37 // The handle or file descriptor is invalid. 38 NET_ERROR(INVALID_HANDLE, -5) 39 40 // The file or directory cannot be found. 41 NET_ERROR(FILE_NOT_FOUND, -6) 42 43 // An operation timed out. 44 NET_ERROR(TIMED_OUT, -7) 45 46 // The file is too large. 47 NET_ERROR(FILE_TOO_BIG, -8) 48 49 // An unexpected error. This may be caused by a programming mistake or an 50 // invalid assumption. 51 NET_ERROR(UNEXPECTED, -9) 52 53 // Permission to access a resource, other than the network, was denied. 54 NET_ERROR(ACCESS_DENIED, -10) 55 56 // The operation failed because of unimplemented functionality. 57 NET_ERROR(NOT_IMPLEMENTED, -11) 58 59 // There were not enough resources to complete the operation. 60 NET_ERROR(INSUFFICIENT_RESOURCES, -12) 61 62 // Memory allocation failed. 63 NET_ERROR(OUT_OF_MEMORY, -13) 64 65 // The file upload failed because the file's modification time was different 66 // from the expectation. 67 NET_ERROR(UPLOAD_FILE_CHANGED, -14) 68 69 // The socket is not connected. 70 NET_ERROR(SOCKET_NOT_CONNECTED, -15) 71 72 // A connection was closed (corresponding to a TCP FIN). 73 NET_ERROR(CONNECTION_CLOSED, -100) 74 75 // A connection was reset (corresponding to a TCP RST). 76 NET_ERROR(CONNECTION_RESET, -101) 77 78 // A connection attempt was refused. 79 NET_ERROR(CONNECTION_REFUSED, -102) 80 81 // A connection timed out as a result of not receiving an ACK for data sent. 82 // This can include a FIN packet that did not get ACK'd. 83 NET_ERROR(CONNECTION_ABORTED, -103) 84 85 // A connection attempt failed. 86 NET_ERROR(CONNECTION_FAILED, -104) 87 88 // The host name could not be resolved. 89 NET_ERROR(NAME_NOT_RESOLVED, -105) 90 91 // The Internet connection has been lost. 92 NET_ERROR(INTERNET_DISCONNECTED, -106) 93 94 // An SSL protocol error occurred. 95 NET_ERROR(SSL_PROTOCOL_ERROR, -107) 96 97 // The IP address or port number is invalid (e.g., cannot connect to the IP 98 // address 0 or the port 0). 99 NET_ERROR(ADDRESS_INVALID, -108) 100 101 // The IP address is unreachable. This usually means that there is no route to 102 // the specified host or network. 103 NET_ERROR(ADDRESS_UNREACHABLE, -109) 104 105 // The server requested a client certificate for SSL client authentication. 106 NET_ERROR(SSL_CLIENT_AUTH_CERT_NEEDED, -110) 107 108 // A tunnel connection through the proxy could not be established. 109 NET_ERROR(TUNNEL_CONNECTION_FAILED, -111) 110 111 // No SSL protocol versions are enabled. 112 NET_ERROR(NO_SSL_VERSIONS_ENABLED, -112) 113 114 // The client and server don't support a common SSL protocol version or 115 // cipher suite. 116 NET_ERROR(SSL_VERSION_OR_CIPHER_MISMATCH, -113) 117 118 // The server requested a renegotiation (rehandshake). 119 NET_ERROR(SSL_RENEGOTIATION_REQUESTED, -114) 120 121 // The proxy requested authentication (for tunnel establishment) with an 122 // unsupported method. 123 NET_ERROR(PROXY_AUTH_UNSUPPORTED, -115) 124 125 // During SSL renegotiation (rehandshake), the server sent a certificate with 126 // an error. 127 // 128 // Note: this error is not in the -2xx range so that it won't be handled as a 129 // certificate error. 130 NET_ERROR(CERT_ERROR_IN_SSL_RENEGOTIATION, -116) 131 132 // The SSL handshake failed because of a bad or missing client certificate. 133 NET_ERROR(BAD_SSL_CLIENT_AUTH_CERT, -117) 134 135 // A connection attempt timed out. 136 NET_ERROR(CONNECTION_TIMED_OUT, -118) 137 138 // There are too many pending DNS resolves, so a request in the queue was 139 // aborted. 140 NET_ERROR(HOST_RESOLVER_QUEUE_TOO_LARGE, -119) 141 142 // Failed establishing a connection to the SOCKS proxy server for a target host. 143 NET_ERROR(SOCKS_CONNECTION_FAILED, -120) 144 145 // The SOCKS proxy server failed establishing connection to the target host 146 // because that host is unreachable. 147 NET_ERROR(SOCKS_CONNECTION_HOST_UNREACHABLE, -121) 148 149 // The request to negotiate an alternate protocol failed. 150 NET_ERROR(NPN_NEGOTIATION_FAILED, -122) 151 152 // The peer sent an SSL no_renegotiation alert message. 153 NET_ERROR(SSL_NO_RENEGOTIATION, -123) 154 155 // Winsock sometimes reports more data written than passed. This is probably 156 // due to a broken LSP. 157 NET_ERROR(WINSOCK_UNEXPECTED_WRITTEN_BYTES, -124) 158 159 // An SSL peer sent us a fatal decompression_failure alert. This typically 160 // occurs when a peer selects DEFLATE compression in the mistaken belief that 161 // it supports it. 162 NET_ERROR(SSL_DECOMPRESSION_FAILURE_ALERT, -125) 163 164 // An SSL peer sent us a fatal bad_record_mac alert. This has been observed 165 // from servers with buggy DEFLATE support. 166 NET_ERROR(SSL_BAD_RECORD_MAC_ALERT, -126) 167 168 // The proxy requested authentication (for tunnel establishment). 169 NET_ERROR(PROXY_AUTH_REQUESTED, -127) 170 171 // A known TLS strict server didn't offer the renegotiation extension. 172 NET_ERROR(SSL_UNSAFE_NEGOTIATION, -128) 173 174 // The SSL server attempted to use a weak ephemeral Diffie-Hellman key. 175 NET_ERROR(SSL_WEAK_SERVER_EPHEMERAL_DH_KEY, -129) 176 177 // Could not create a connection to the proxy server. An error occurred 178 // either in resolving its name, or in connecting a socket to it. 179 // Note that this does NOT include failures during the actual "CONNECT" method 180 // of an HTTP proxy. 181 NET_ERROR(PROXY_CONNECTION_FAILED, -130) 182 183 // Free: 131 184 185 // We detected an ESET product intercepting our HTTPS connections. Since these 186 // products are False Start intolerant, we return this error so that we can 187 // give the user a helpful error message rather than have the connection hang. 188 NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132) 189 190 // We've hit the max socket limit for the socket pool while preconnecting. We 191 // don't bother trying to preconnect more sockets. 192 NET_ERROR(PRECONNECT_MAX_SOCKET_LIMIT, -133) 193 194 // The permission to use the SSL client certificate's private key was denied. 195 NET_ERROR(SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED, -134) 196 197 // The SSL client certificate has no private key. 198 NET_ERROR(SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY, -135) 199 200 // The certificate presented by the HTTPS Proxy was invalid. 201 NET_ERROR(PROXY_CERTIFICATE_INVALID, -136) 202 203 // An error occurred when trying to do a name resolution (DNS). 204 NET_ERROR(NAME_RESOLUTION_FAILED, -137) 205 206 // Permission to access the network was denied. This is used to distinguish 207 // errors that were most likely caused by a firewall from other access denied 208 // errors. See also ERR_ACCESS_DENIED. 209 NET_ERROR(NETWORK_ACCESS_DENIED, -138) 210 211 // The request throttler module cancelled this request to avoid DDOS. 212 NET_ERROR(TEMPORARILY_THROTTLED, -139) 213 214 // A request to create an SSL tunnel connection through the HTTPS proxy 215 // received a non-200 (OK) and non-407 (Proxy Auth) response. The response 216 // body might include a description of why the request failed. 217 NET_ERROR(HTTPS_PROXY_TUNNEL_RESPONSE, -140) 218 219 // We were unable to sign the CertificateVerify data of an SSL client auth 220 // handshake with the client certificate's private key. 221 // 222 // Possible causes for this include the user implicitly or explicitly 223 // denying access to the private key, the private key may not be valid for 224 // signing, the key may be relying on a cached handle which is no longer 225 // valid, or the CSP won't allow arbitrary data to be signed. 226 NET_ERROR(SSL_CLIENT_AUTH_SIGNATURE_FAILED, -141) 227 228 // The message was too large for the transport. (for example a UDP message 229 // which exceeds size threshold). 230 NET_ERROR(MSG_TOO_BIG, -142) 231 232 // Certificate error codes 233 // 234 // The values of certificate error codes must be consecutive. 235 236 // The server responded with a certificate whose common name did not match 237 // the host name. This could mean: 238 // 239 // 1. An attacker has redirected our traffic to his server and is 240 // presenting a certificate for which he knows the private key. 241 // 242 // 2. The server is misconfigured and responding with the wrong cert. 243 // 244 // 3. The user is on a wireless network and is being redirected to the 245 // network's login page. 246 // 247 // 4. The OS has used a DNS search suffix and the server doesn't have 248 // a certificate for the abbreviated name in the address bar. 249 // 250 NET_ERROR(CERT_COMMON_NAME_INVALID, -200) 251 252 // The server responded with a certificate that, by our clock, appears to 253 // either not yet be valid or to have expired. This could mean: 254 // 255 // 1. An attacker is presenting an old certificate for which he has 256 // managed to obtain the private key. 257 // 258 // 2. The server is misconfigured and is not presenting a valid cert. 259 // 260 // 3. Our clock is wrong. 261 // 262 NET_ERROR(CERT_DATE_INVALID, -201) 263 264 // The server responded with a certificate that is signed by an authority 265 // we don't trust. The could mean: 266 // 267 // 1. An attacker has substituted the real certificate for a cert that 268 // contains his public key and is signed by his cousin. 269 // 270 // 2. The server operator has a legitimate certificate from a CA we don't 271 // know about, but should trust. 272 // 273 // 3. The server is presenting a self-signed certificate, providing no 274 // defense against active attackers (but foiling passive attackers). 275 // 276 NET_ERROR(CERT_AUTHORITY_INVALID, -202) 277 278 // The server responded with a certificate that contains errors. 279 // This error is not recoverable. 280 // 281 // MSDN describes this error as follows: 282 // "The SSL certificate contains errors." 283 // NOTE: It's unclear how this differs from ERR_CERT_INVALID. For consistency, 284 // use that code instead of this one from now on. 285 // 286 NET_ERROR(CERT_CONTAINS_ERRORS, -203) 287 288 // The certificate has no mechanism for determining if it is revoked. In 289 // effect, this certificate cannot be revoked. 290 NET_ERROR(CERT_NO_REVOCATION_MECHANISM, -204) 291 292 // Revocation information for the security certificate for this site is not 293 // available. This could mean: 294 // 295 // 1. An attacker has compromised the private key in the certificate and is 296 // blocking our attempt to find out that the cert was revoked. 297 // 298 // 2. The certificate is unrevoked, but the revocation server is busy or 299 // unavailable. 300 // 301 NET_ERROR(CERT_UNABLE_TO_CHECK_REVOCATION, -205) 302 303 // The server responded with a certificate has been revoked. 304 // We have the capability to ignore this error, but it is probably not the 305 // thing to do. 306 NET_ERROR(CERT_REVOKED, -206) 307 308 // The server responded with a certificate that is invalid. 309 // This error is not recoverable. 310 // 311 // MSDN describes this error as follows: 312 // "The SSL certificate is invalid." 313 // 314 NET_ERROR(CERT_INVALID, -207) 315 316 // The server responded with a certificate that is signed using a weak 317 // signature algorithm. 318 NET_ERROR(CERT_WEAK_SIGNATURE_ALGORITHM, -208) 319 320 // The domain has CERT records which are tagged as being an exclusive list of 321 // valid fingerprints. But the certificate presented was not in this list. 322 NET_ERROR(CERT_NOT_IN_DNS, -209) 323 324 // The host name specified in the certificate is not unique. 325 NET_ERROR(CERT_NON_UNIQUE_NAME, -210) 326 327 // Add new certificate error codes here. 328 // 329 // Update the value of CERT_END whenever you add a new certificate error 330 // code. 331 332 // The value immediately past the last certificate error code. 333 NET_ERROR(CERT_END, -211) 334 335 // The URL is invalid. 336 NET_ERROR(INVALID_URL, -300) 337 338 // The scheme of the URL is disallowed. 339 NET_ERROR(DISALLOWED_URL_SCHEME, -301) 340 341 // The scheme of the URL is unknown. 342 NET_ERROR(UNKNOWN_URL_SCHEME, -302) 343 344 // Attempting to load an URL resulted in too many redirects. 345 NET_ERROR(TOO_MANY_REDIRECTS, -310) 346 347 // Attempting to load an URL resulted in an unsafe redirect (e.g., a redirect 348 // to file:// is considered unsafe). 349 NET_ERROR(UNSAFE_REDIRECT, -311) 350 351 // Attempting to load an URL with an unsafe port number. These are port 352 // numbers that correspond to services, which are not robust to spurious input 353 // that may be constructed as a result of an allowed web construct (e.g., HTTP 354 // looks a lot like SMTP, so form submission to port 25 is denied). 355 NET_ERROR(UNSAFE_PORT, -312) 356 357 // The server's response was invalid. 358 NET_ERROR(INVALID_RESPONSE, -320) 359 360 // Error in chunked transfer encoding. 361 NET_ERROR(INVALID_CHUNKED_ENCODING, -321) 362 363 // The server did not support the request method. 364 NET_ERROR(METHOD_NOT_SUPPORTED, -322) 365 366 // The response was 407 (Proxy Authentication Required), yet we did not send 367 // the request to a proxy. 368 NET_ERROR(UNEXPECTED_PROXY_AUTH, -323) 369 370 // The server closed the connection without sending any data. 371 NET_ERROR(EMPTY_RESPONSE, -324) 372 373 // The headers section of the response is too large. 374 NET_ERROR(RESPONSE_HEADERS_TOO_BIG, -325) 375 376 // The PAC requested by HTTP did not have a valid status code (non-200). 377 NET_ERROR(PAC_STATUS_NOT_OK, -326) 378 379 // The evaluation of the PAC script failed. 380 NET_ERROR(PAC_SCRIPT_FAILED, -327) 381 382 // The response was 416 (Requested range not satisfiable) and the server cannot 383 // satisfy the range requested. 384 NET_ERROR(REQUEST_RANGE_NOT_SATISFIABLE, -328) 385 386 // The identity used for authentication is invalid. 387 NET_ERROR(MALFORMED_IDENTITY, -329) 388 389 // Content decoding of the response body failed. 390 NET_ERROR(CONTENT_DECODING_FAILED, -330) 391 392 // An operation could not be completed because all network IO 393 // is suspended. 394 NET_ERROR(NETWORK_IO_SUSPENDED, -331) 395 396 // FLIP data received without receiving a SYN_REPLY on the stream. 397 NET_ERROR(SYN_REPLY_NOT_RECEIVED, -332) 398 399 // Converting the response to target encoding failed. 400 NET_ERROR(ENCODING_CONVERSION_FAILED, -333) 401 402 // The server sent an FTP directory listing in a format we do not understand. 403 NET_ERROR(UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT, -334) 404 405 // Attempted use of an unknown SPDY stream id. 406 NET_ERROR(INVALID_SPDY_STREAM, -335) 407 408 // There are no supported proxies in the provided list. 409 NET_ERROR(NO_SUPPORTED_PROXIES, -336) 410 411 // There is a SPDY protocol framing error. 412 NET_ERROR(SPDY_PROTOCOL_ERROR, -337) 413 414 // Credentials could not be established during HTTP Authentication. 415 NET_ERROR(INVALID_AUTH_CREDENTIALS, -338) 416 417 // An HTTP Authentication scheme was tried which is not supported on this 418 // machine. 419 NET_ERROR(UNSUPPORTED_AUTH_SCHEME, -339) 420 421 // Detecting the encoding of the response failed. 422 NET_ERROR(ENCODING_DETECTION_FAILED, -340) 423 424 // (GSSAPI) No Kerberos credentials were available during HTTP Authentication. 425 NET_ERROR(MISSING_AUTH_CREDENTIALS, -341) 426 427 // An unexpected, but documented, SSPI or GSSAPI status code was returned. 428 NET_ERROR(UNEXPECTED_SECURITY_LIBRARY_STATUS, -342) 429 430 // The environment was not set up correctly for authentication (for 431 // example, no KDC could be found or the principal is unknown. 432 NET_ERROR(MISCONFIGURED_AUTH_ENVIRONMENT, -343) 433 434 // An undocumented SSPI or GSSAPI status code was returned. 435 NET_ERROR(UNDOCUMENTED_SECURITY_LIBRARY_STATUS, -344) 436 437 // The HTTP response was too big to drain. 438 NET_ERROR(RESPONSE_BODY_TOO_BIG_TO_DRAIN, -345) 439 440 // The HTTP response was too big to drain. 441 NET_ERROR(RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH, -346) 442 443 // SPDY Headers have been received, but not all of them - status or version 444 // headers are missing, so we're expecting additional frames to complete them. 445 NET_ERROR(INCOMPLETE_SPDY_HEADERS, -347) 446 447 // SPDY server didn't respond to the PING message. 448 NET_ERROR(SPDY_PING_FAILED, -352) 449 450 // The cache does not have the requested entry. 451 NET_ERROR(CACHE_MISS, -400) 452 453 // Unable to read from the disk cache. 454 NET_ERROR(CACHE_READ_FAILURE, -401) 455 456 // Unable to write to the disk cache. 457 NET_ERROR(CACHE_WRITE_FAILURE, -402) 458 459 // The operation is not supported for this entry. 460 NET_ERROR(CACHE_OPERATION_NOT_SUPPORTED, -403) 461 462 // The disk cache is unable to open this entry. 463 NET_ERROR(CACHE_OPEN_FAILURE, -404) 464 465 // The disk cache is unable to create this entry. 466 NET_ERROR(CACHE_CREATE_FAILURE, -405) 467 468 // Multiple transactions are racing to create disk cache entries. This is an 469 // internal error returned from the HttpCache to the HttpCacheTransaction that 470 // tells the transaction to restart the entry-creation logic because the state 471 // of the cache has changed. 472 NET_ERROR(CACHE_RACE, -406) 473 474 // The server's response was insecure (e.g. there was a cert error). 475 NET_ERROR(INSECURE_RESPONSE, -501) 476 477 // The server responded to a <keygen> with a generated client cert that we 478 // don't have the matching private key for. 479 NET_ERROR(NO_PRIVATE_KEY_FOR_CERT, -502) 480 481 // An error adding to the OS certificate database (e.g. OS X Keychain). 482 NET_ERROR(ADD_USER_CERT_FAILED, -503) 483 484 // *** Code -600 is reserved (was FTP_PASV_COMMAND_FAILED). *** 485 486 // A generic error for failed FTP control connection command. 487 // If possible, please use or add a more specific error code. 488 NET_ERROR(FTP_FAILED, -601) 489 490 // The server cannot fulfill the request at this point. This is a temporary 491 // error. 492 // FTP response code 421. 493 NET_ERROR(FTP_SERVICE_UNAVAILABLE, -602) 494 495 // The server has aborted the transfer. 496 // FTP response code 426. 497 NET_ERROR(FTP_TRANSFER_ABORTED, -603) 498 499 // The file is busy, or some other temporary error condition on opening 500 // the file. 501 // FTP response code 450. 502 NET_ERROR(FTP_FILE_BUSY, -604) 503 504 // Server rejected our command because of syntax errors. 505 // FTP response codes 500, 501. 506 NET_ERROR(FTP_SYNTAX_ERROR, -605) 507 508 // Server does not support the command we issued. 509 // FTP response codes 502, 504. 510 NET_ERROR(FTP_COMMAND_NOT_SUPPORTED, -606) 511 512 // Server rejected our command because we didn't issue the commands in right 513 // order. 514 // FTP response code 503. 515 NET_ERROR(FTP_BAD_COMMAND_SEQUENCE, -607) 516 517 // PKCS #12 import failed due to incorrect password. 518 NET_ERROR(PKCS12_IMPORT_BAD_PASSWORD, -701) 519 520 // PKCS #12 import failed due to other error. 521 NET_ERROR(PKCS12_IMPORT_FAILED, -702) 522 523 // CA import failed - not a CA cert. 524 NET_ERROR(IMPORT_CA_CERT_NOT_CA, -703) 525 526 // Import failed - certificate already exists in database. 527 // Note it's a little weird this is an error but reimporting a PKCS12 is ok 528 // (no-op). That's how Mozilla does it, though. 529 NET_ERROR(IMPORT_CERT_ALREADY_EXISTS, -704) 530 531 // CA import failed due to some other error. 532 NET_ERROR(IMPORT_CA_CERT_FAILED, -705) 533 534 // Server certificate import failed due to some internal error. 535 NET_ERROR(IMPORT_SERVER_CERT_FAILED, -706) 536