mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 22:36:09 +03:00
65 lines
3.1 KiB
C++
65 lines
3.1 KiB
C++
// Copyright 2017 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "net/cert/internal/common_cert_errors.h"
|
|
|
|
namespace net {
|
|
|
|
namespace cert_errors {
|
|
|
|
DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
|
|
DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
|
|
DEFINE_CERT_ERROR_ID(kDistrustedByTrustStore, "Distrusted by trust store");
|
|
|
|
DEFINE_CERT_ERROR_ID(
|
|
kSignatureAlgorithmMismatch,
|
|
"Certificate.signatureAlgorithm != TBSCertificate.signature");
|
|
|
|
DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
|
|
DEFINE_CERT_ERROR_ID(kChainIsLength1,
|
|
"TODO: Cannot verify a chain of length 1");
|
|
DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
|
|
"Unconsumed critical extension");
|
|
DEFINE_CERT_ERROR_ID(
|
|
kTargetCertInconsistentCaBits,
|
|
"Target certificate looks like a CA but does not set all CA properties");
|
|
DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
|
|
DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
|
|
DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
|
|
"Basic Constraints indicates not a CA");
|
|
DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
|
|
"Does not have Basic Constraints");
|
|
DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
|
|
"Not permitted by name constraints");
|
|
DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
|
|
"subject does not match issuer");
|
|
DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
|
|
DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
|
|
"Certificate.signatureAlgorithm is encoded differently "
|
|
"than TBSCertificate.signature");
|
|
DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth,
|
|
"The extended key usage does not include server auth");
|
|
DEFINE_CERT_ERROR_ID(kEkuLacksServerAuthButHasGatedCrypto,
|
|
"The extended key usage does not include server auth but "
|
|
"instead includes Netscape Server Gated Crypto");
|
|
DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth,
|
|
"The extended key usage does not include client auth");
|
|
DEFINE_CERT_ERROR_ID(kCertIsNotTrustAnchor,
|
|
"Certificate is not a trust anchor");
|
|
DEFINE_CERT_ERROR_ID(kNoValidPolicy, "No valid policy");
|
|
DEFINE_CERT_ERROR_ID(kPolicyMappingAnyPolicy,
|
|
"PolicyMappings must not map anyPolicy");
|
|
DEFINE_CERT_ERROR_ID(kFailedParsingSpki, "Couldn't parse SubjectPublicKeyInfo");
|
|
DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm,
|
|
"Unacceptable signature algorithm");
|
|
DEFINE_CERT_ERROR_ID(kUnacceptablePublicKey, "Unacceptable public key");
|
|
DEFINE_CERT_ERROR_ID(kCertificateRevoked, "Certificate is revoked");
|
|
DEFINE_CERT_ERROR_ID(kNoRevocationMechanism,
|
|
"Certificate lacks a revocation mechanism");
|
|
DEFINE_CERT_ERROR_ID(kUnableToCheckRevocation, "Unable to check revocation");
|
|
|
|
} // namespace cert_errors
|
|
|
|
} // namespace net
|