all: libcanl.la server client
-libcanl.la: canl.lo canl_err.lo canl_dns.lo canl_ssl.lo canl_cert.lo
+libcanl.la: canl.lo canl_err.lo canl_dns.lo canl_ssl.lo canl_cert.lo canl_err_desc.lo
${LINK} -rpath ${stagedir}${prefix}/${libdir} ${version_info} $+ ${LFLAGS_LIB} -o $@
canl.lo: canl.c ${HEAD_CANL}
${OBJ_SER}: ${SRC_SER} ${HEAD_SER} libcanl.la
${COMPILE} -c ${top_srcdir}/src/${SRC_SER} ${CFLAGS_SER} -o $@
-canl_err.h: canl_error_codes
+canl_err.h: canl_error_codes
${top_srcdir}/src/gen_err_codes.pl < $^ > $@
+canl_err_desc.lo: canl_err_desc.c ${HEAD_CANL}
+ ${COMPILE} -c canl_err_desc.c ${CFLAGS_LIB} -o $@
+
+canl_err_desc.c: canl_error_codes canl_error_desc
+ ${top_srcdir}/src/gen_err_desc.pl $^ > $@
check:
$(MAKE) install PREFIX=${stagedir}
clean:
- rm -rfv *.o *.lo libcanl.la .libs client server
+ rm -rfv *.o *.lo libcanl.la .libs client server canl_err.h canl_err_desc.c
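Review bot: The new `canl_err_desc.c` rule redirects the generator's stdout straight into `$@`, so when gen_err_desc.pl dies (it does on an unknown error code) a truncated canl_err_desc.c is left with a fresh timestamp and the next `make` compiles it as if it were complete. Write to a temporary and rename on success instead: `${top_srcdir}/src/gen_err_desc.pl $^ > $@.tmp && mv -f $@.tmp $@`. A file-wide `.DELETE_ON_ERROR:` would also work, if the rest of the Makefile (not visible here) permits it. The existing `canl_err.h` rule has the same shape. Neither rule lists its generator script as a prerequisite, so editing the script does not regenerate the output; adding it would mean naming the input files in the recipe rather than using `$^`.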
--- /dev/null
+#
+# Generic errors
+#
+
+unknown=Unknown error
+unknown.category=OTHER
+
+unknownMsg={0}
+unknownMsg.category=OTHER
+
+inputError=Input certificate chain processing error: {0}
+inputError.category=GENERAL_INPUT
+
+#
+# Namespace related errors
+#
+
+nsUndefinedAndRequired=Namespace definition for the certificate issuer ({0}) is not defined, and namespaces are configured to be required.
+nsUndefinedAndRequired.category=NAMESPACE
+
+nsDeny=The certificate subject {0} is denied by the namespace policy: {1}
+nsDeny.category=NAMESPACE
+
+nsNotAccepted=The certificate subject {0} is not accepted by any rule of the the relevant namespace policies. Policies which matches the issuer are: {1}
+nsNotAccepted.category=NAMESPACE
+
+
+#
+# Proxy certificate specific errors
+#
+
+proxyEECInChain=Certificate issued by an end-entity certificate or a proxy certificate is not a proxy proxy certificate.
+proxyEECInChain.category=INCONSISTENT_PROXY_CHAIN
+
+proxyLength=At the current position the proxy certificates chain exceeded its length limit.
+proxyLength.category=INCONSISTENT_PROXY_CHAIN
+
+proxyNoIssuer=Issuing end entity certificate was not found in the chain with proxy certificates.
+proxyNoIssuer.category=INCONSISTENT_PROXY_CHAIN
+
+proxyCASet=Proxy certificate has the cA field set
+proxyCASet.category=INVALID_PROXY_CERT
+
+proxyIssuerAltNameSet=Proxy certificate has the IssuerAlternativeName set
+proxyIssuerAltNameSet.category=INVALID_PROXY_CERT
+
+proxySubjectAltNameSet=Proxy certificate has the SubjectAlternativeName set
+proxySubjectAltNameSet.category=INVALID_PROXY_CERT
+
+proxyIssuedByCa=Proxy certificate issuer has the cA field set
+proxyIssuedByCa.category=INCONSISTENT_PROXY_CHAIN
+
+proxyNoIssuerSubject=Proxy certificate issuer has no Subject field set
+proxyNoIssuerSubject.category=INVALID_PROXY_CERT
+
+proxySubjectInconsistent=Proxy certificate issuer field is different than the issuing certificate subject field set.
+proxySubjectInconsistent.category=INCONSISTENT_PROXY_CHAIN
+
+proxyIssuerNoDsig=Proxy certificate issuer has no digital signature creation right
+proxyIssuerNoDsig.category=INCONSISTENT_PROXY_CHAIN
+
+proxySubjectOneRDN=The proxy certificate subject name has less then two elements
+proxySubjectOneRDN.category=INVALID_PROXY_CERT
+
+proxySubjectMultiLastRDN=The last RDN in proxy subject name is multivalued
+proxySubjectMultiLastRDN.category=INVALID_PROXY_CERT
+
+proxySubjectLastRDNNotCN=The last RDN in proxy subject name is not a CN
+proxySubjectLastRDNNotCN.category=INVALID_PROXY_CERT
+
+proxySubjectBaseWrong=The proxy subject without its last CN component is not equal to its issuer name
+proxySubjectBaseWrong.category=INVALID_PROXY_CERT
+
+
+#
+# Regular X.509 path validation errors
+#
+
+noIssuerPublicKey=Trusted issuer of this certificate was not established
+noIssuerPublicKey.category=X509_CHAIN
+
+noBasicConstraints=The selected CA certificate does not contain the mandatory Basic Constraints extension
+noBasicConstraints.category=X509_BASIC
+
+pathLenghtExtended=Total chain length exceeds the limit
+pathLenghtExtended.category=X509_CHAIN
+
+conflictingTrustAnchors=More then one trusted CA certificate was found for the certificate chain
+conflictingTrustAnchors.category=X509_CHAIN
+
+noTrustAnchorFound=No trusted CA certificate was found for the certificate chain
+noTrustAnchorFound.category=X509_CHAIN
+noTrustAnchorFound.openssl_code=ERR_LIB_X509V3,X509V3_R_NO_ISSUER_CERTIFICATE
+
+trustButInvalidCert=CA certificate was found for the certificate chain but the initial certificate in chain is not issued (correctly signed) by the CA certificate
+trustButInvalidCert.category=X509_CHAIN
+
+signatureNotVerified=Unable to verify signature of certificates in the chain: {0}
+signatureNotVerified.category=X509_BASIC
+
+certificateNotYetValid=Certificate is not yet valid. Will be from: {0}
+certificateNotYetValid.category=X509_BASIC
+
+certificateExpired=Certificate has expired at: {0}
+certificateExpired.category=X509_BASIC
+
+noCACert=CA certificate was not found for the chain
+noCACert.category=X509_CHAIN
+
+noCertSign=Issuer of the certificate is not eligible to sign certificates as its certificate has no keyCertSign flag set in its KeyUsage extension.
+noCertSign.category=X509_CHAIN
+
+unknownCriticalExt=Unknown critical extension was found: {0}
+unknownCriticalExt.category=X509_BASIC
+
+certRevoked=Certificate was revoked at: {0}, the reason reported is: {1}
+certRevoked.category=CRL
+
+noBaseCRL=Base CRL for the delta CRL was not found
+noBaseCRL.category=CRL
+
+noValidCrlFound=No valid CRL was found for the CA which issued the chain
+noValidCrlFound.category=CRL
+
+#
+# Rare errors lacking "translations" and meta-information
+#
+#
+# certPathCheckerError
+# certPathValidDate
+# certWrongIssuer
+# criticalExtensionError
+# crlAuthInfoAccError
+# crlBCExtError
+# crlDistPoint
+# crlDistPtExtError
+# crlExtractionError
+# crlIssuerException
+# crlNbrExtError
+# crlNoIssuerPublicKey
+# crlOnlyAttrCert
+# crlOnlyCaCert
+# crlOnlyUserCert
+# crlReasonExtError
+# crlUpdateAvailable
+# crlVerifyFailed
+# deltaCrlExtError
+# distrPtExtError
+# emptyCertPath
+# errorProcesingBC
+# excludedDN
+# excludedEmail
+# excludedIP
+# explicitPolicy
+# invalidPolicy
+# invalidPolicyMapping
+# loadCrlDistPointError
+# localInvalidCRL
+# localValidCRL
+# ncExtError
+# ncSubjectNameError
+# noCrlInCertstore
+# noCrlSigningPermited
+# notPermittedDN
+# notPermittedEmail
+# notPermittedIP
+# notRevoked
+# noValidPolicyTree
+# ocspLocation
+# onlineCRLWrongCA
+# onlineInvalidCRL
+# onlineValidCRL
+# policyConstExtError
+# policyExtError
+# policyInhibitExtError
+# policyMapExtError
+# policyQualifierError
+# processLengthConstError
+# pubKeyError
+# QcEuCompliance
+# QcLimitValueAlpha
+# QcLimitValueNum
+# QcSSCD
+# QcStatementExtError
+# QcUnknownStatement
+# revokedAfterValidation
+# rootKeyIsValidButNotATrustAnchor
+# signatureNotVerified
+# subjAltNameExtError
+# totalPathLength
+# trustAnchorIssuerError
+# trustDNInvalid
+# trustPubKeyError
+# unknown
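Review bot: The closing list of "rare errors lacking translations" names `signatureNotVerified` and `unknown`, yet both are defined with a message and a category earlier in this file, so either drop them from the list or reword the comment to say what it enumerates. The `.category=` lines are never read by gen_err_desc.pl as added in this commit, which picks up only the `name=description` line and `.openssl_code=`. A header comment should say so, e.g. `# .category is informational; only the message and .openssl_code reach the generated C table`. The key `pathLenghtExtended` is misspelt, and because the generator prints the key into a `CANL_ERR_%s` identifier it presumably has to match canl_error_codes, so any correction must be made in both files together. Typos that will reach the generated strings: `the the` (nsNotAccepted), `proxy proxy` (proxyEECInChain), and `then` for `than` (proxySubjectOneRDN, conflictingTrustAnchors).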
--- /dev/null
+#!/usr/bin/perl
+
+my $codes_file = $ARGV[0];
+my $desc_file = $ARGV[1];
+
+my %codes;
+my $err_name, $err_dsc, $openssl_err_lib, $openssl_err_reason;
+
+sub make_c_line
+{
+ my ($err_name, $err_dsc, $openssl_err_lib, $openssl_err_reason) = @_;
+
+ printf("\n { CANL_ERR_%s, \"%s\", %s, %s },",
+ $err_name, $err_dsc,
+ ($openssl_err_lib) ? $openssl_err_lib : "ERR_LIB_NONE",
+ ($openssl_err_reason) ? $openssl_err_reason : 0);
+}
+
+die ("Usage: $0 <codes> <description>") if (!$codes_file || !$desc_file);
+
+open (ERRS, $codes_file) or die ("Failed to open $codes_file: $!");
+while (<ERRS>) {
+ chomp;
+ next if /^\s*#/;
+ $codes{$_} = 1;
+}
+close (ERRS);
+
+print qq (/*
+ * Automatically generated file. Don't edit.
+ */
+
+#include "canl_locl.h"
+
+struct canl_err_desc canl_err_descs[] = {);
+
+open (DESC, $desc_file) or die ("Failed to open $desc_file: $!");
+while (<DESC>) {
+ chomp;
+ next if /^\s*#/;
+
+ $line = $_;
+ if (!$line) {
+ make_c_line($err_name, $err_dsc, $openssl_err_lib, $openssl_err_reason)
+ if ($err_name);
+ $err_name = $err_dsc = $openssl_err_lib = $openssl_err_reason = "";
+ next;
+ }
+
+ if (!$err_name) {
+ ($err_name, $err_dsc) = split(/=/, $line, 2);
+ defined($codes{$err_name}) or die("Unknown error code ('$err_name') read");
+ next;
+ }
+
+ if ($line =~ m/(.+)\.openssl_code=(.+),(.+)/) {
+ ($name, $openssl_err_lib, $openssl_err_reason) = ($1,$2,$3);
+ die ("Parsing error (\"$line\")") if ($name != $err_name);
+ next;
+ }
+}
+close (DESC);
+
+make_c_line ($err_name, $err_dsc, $openssl_err_lib, $openssl_err_reason)
+ if ($err_name);
+
+print STDOUT qq (
+};
+);
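Review bot: The consistency check `if ($name != $err_name)` compares two strings numerically, so for non-numeric error names both sides evaluate to 0 and the `die` never fires; an `.openssl_code` line attached to the wrong entry is accepted silently. It should read `die ("Parsing error (\"$line\")") if ($name ne $err_name);`. Both `open` calls use the two-argument form on a path taken from `@ARGV`, where Perl interprets mode characters embedded in the name; prefer `open (ERRS, '<', $codes_file)` and the same for DESC. `make_c_line` prints the description into a C string literal without escaping `"` or `\`, so a description containing either would produce broken or altered generated C. `my $err_name, $err_dsc, ...` makes only the first variable lexical, and adding `use strict; use warnings;` at the top would have flagged both that and the `!=`.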