------------------------------------------------------------ revno: 12610 revision-id: squid3@treenet.co.nz-20130910073109-6daq6g95rs58jyf4 parent: squid3@treenet.co.nz-20130910072244-ivf8w0zblh9w4cy1 author: Christos Tsantilas committer: Amos Jeffries branch nick: 3.3 timestamp: Tue 2013-09-10 01:31:09 -0600 message: Sync with newest OpenSSL error codes This patch updates Squid list of errors to handle the ones available in newer OpenSSL versions. This is a Measurement Factory project ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20130910073109-6daq6g95rs58jyf4 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: 6497ab4a2ec7ebaf182cf034ec0cd51666e439fd # timestamp: 2013-09-10 07:42:06 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20130910072244-\ # ivf8w0zblh9w4cy1 # # Begin patch === modified file 'errors/templates/error-details.txt' --- errors/templates/error-details.txt 2013-09-10 07:22:44 +0000 +++ errors/templates/error-details.txt 2013-09-10 07:31:09 +0000 @@ -134,6 +134,90 @@ detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" === modified file 'src/ssl/ErrorDetail.cc' --- src/ssl/ErrorDetail.cc 2013-09-10 07:22:44 +0000 +++ src/ssl/ErrorDetail.cc 2013-09-10 07:31:09 +0000 @@ -89,6 +89,132 @@ "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"}, {X509_V_ERR_KEYUSAGE_NO_CERTSIGN, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"}, +#if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER) + { + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33 + "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34 + "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN) + { + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35 + "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36 + "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_NON_CA) + { + X509_V_ERR_INVALID_NON_CA, //37 + "X509_V_ERR_INVALID_NON_CA" + }, +#endif +#if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED) + { + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38 + "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE) + { + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39 + "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE" + }, +#endif +#if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED) + { + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40 + "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED" + }, +#endif +#if defined(X509_V_ERR_INVALID_EXTENSION) + { + X509_V_ERR_INVALID_EXTENSION, //41 + "X509_V_ERR_INVALID_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_POLICY_EXTENSION) + { + X509_V_ERR_INVALID_POLICY_EXTENSION, //42 + "X509_V_ERR_INVALID_POLICY_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_NO_EXPLICIT_POLICY) + { + X509_V_ERR_NO_EXPLICIT_POLICY, //43 + "X509_V_ERR_NO_EXPLICIT_POLICY" + }, +#endif +#if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE) + { + X509_V_ERR_DIFFERENT_CRL_SCOPE, //44 + "X509_V_ERR_DIFFERENT_CRL_SCOPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE) + { + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45 + "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE" + }, +#endif +#if defined(X509_V_ERR_UNNESTED_RESOURCE) + { + X509_V_ERR_UNNESTED_RESOURCE, //46 + "X509_V_ERR_UNNESTED_RESOURCE" + }, +#endif +#if defined(X509_V_ERR_PERMITTED_VIOLATION) + { + X509_V_ERR_PERMITTED_VIOLATION, //47 + "X509_V_ERR_PERMITTED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_EXCLUDED_VIOLATION) + { + X509_V_ERR_EXCLUDED_VIOLATION, //48 + "X509_V_ERR_EXCLUDED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_SUBTREE_MINMAX) + { + X509_V_ERR_SUBTREE_MINMAX, //49 + "X509_V_ERR_SUBTREE_MINMAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53 + "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR) + { + X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54 + "X509_V_ERR_CRL_PATH_VALIDATION_ERROR" + }, +#endif {X509_V_ERR_APPLICATION_VERIFICATION, "X509_V_ERR_APPLICATION_VERIFICATION"}, { SSL_ERROR_NONE, "SSL_ERROR_NONE"},