From 6a4a5ae2cca42c5143d82b2fd5520c1c64724d4f Mon Sep 17 00:00:00 2001 From: Laszlo Kovacs Date: Tue, 31 Mar 2015 17:06:21 -0400 Subject: [PATCH 20/26] Add X509 OCSP error codes and messages (cherry picked from commit 8c4ff4620e14caca7c45038f88f6b72971c1944b) --- crypto/x509/x509_txt.c | 6 ++++++ include/openssl/x509_vfy.h | 3 +++ 2 files changed, 9 insertions(+) diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 6e8cdaa..636fc2d 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -150,6 +150,12 @@ const char *X509_verify_cert_error_string(long n) return ("unable to get CRL issuer certificate"); case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: return ("unhandled critical extension"); + case X509_V_ERR_OCSP_VERIFY_NEEDED: + return("OCSP verification needed"); + case X509_V_ERR_OCSP_VERIFY_FAILED: + return("OCSP verification failed"); + case X509_V_ERR_OCSP_CERT_UNKNOWN: + return("OCSP unknown cert"); case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: return ("key usage does not include CRL signing"); case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 0be9b5a..68ac64c 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -359,6 +359,9 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* The application is not happy */ # define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_OCSP_VERIFY_NEEDED 101 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 102 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 103 /* Certificate wasn't recognized by the OCSP responder */ /* Certificate verify flags */ -- 2.3.2 (Apple Git-55)