1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 #define UNUSED_ERROR(x) ER3(SSL_ERROR_UNUSED_##x, (SSL_ERROR_BASE + x), \ 6 "Unrecognized SSL error_code.") 7 8 /* SSL-specific security error codes */ 9 /* caller must include "sslerr.h" */ 10 11 ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, 12 "Unable to communicate securely. Peer does not support high-grade encryption.") 13 14 ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, 15 "Unable to communicate securely. Peer requires high-grade encryption which is not supported.") 16 17 ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, 18 "Cannot communicate securely with peer: no common encryption algorithm(s).") 19 20 ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, 21 "Unable to find the certificate or key necessary for authentication.") 22 23 ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, 24 "Unable to communicate securely with peer: peers's certificate was rejected.") 25 26 UNUSED_ERROR(5) 27 28 ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, 29 "The server has encountered bad data from the client.") 30 31 ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, 32 "The client has encountered bad data from the server.") 33 34 ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, 35 "Unsupported certificate type.") 36 37 ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, 38 "Peer using unsupported version of security protocol.") 39 40 UNUSED_ERROR(10) 41 42 ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, 43 "Client authentication failed: private key in key database does not match public key in certificate database.") 44 45 ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, 46 "Unable to communicate securely with peer: requested domain name does not match the server's certificate.") 47 48 ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13, 49 "Unrecognized SSL error code.") 50 51 ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), 52 "Peer only supports SSL version 2, which is locally disabled.") 53 54 ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), 55 "SSL received a record with an incorrect Message Authentication Code.") 56 57 ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), 58 "SSL peer reports incorrect Message Authentication Code.") 59 60 ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), 61 "SSL peer cannot verify your certificate.") 62 63 ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), 64 "SSL peer rejected your certificate as revoked.") 65 66 ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), 67 "SSL peer rejected your certificate as expired.") 68 69 ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), 70 "Cannot connect: SSL is disabled.") 71 72 ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), 73 "Cannot connect: SSL peer is in another FORTEZZA domain.") 74 75 ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE, (SSL_ERROR_BASE + 22), 76 "An unknown SSL cipher suite has been requested.") 77 78 ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED, (SSL_ERROR_BASE + 23), 79 "No cipher suites are present and enabled in this program.") 80 81 ER3(SSL_ERROR_BAD_BLOCK_PADDING, (SSL_ERROR_BASE + 24), 82 "SSL received a record with bad block padding.") 83 84 ER3(SSL_ERROR_RX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 25), 85 "SSL received a record that exceeded the maximum permissible length.") 86 87 ER3(SSL_ERROR_TX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 26), 88 "SSL attempted to send a record that exceeded the maximum permissible length.") 89 90 /* 91 * Received a malformed (too long or short or invalid content) SSL handshake. 92 */ 93 ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, (SSL_ERROR_BASE + 27), 94 "SSL received a malformed Hello Request handshake message.") 95 96 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, (SSL_ERROR_BASE + 28), 97 "SSL received a malformed Client Hello handshake message.") 98 99 ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, (SSL_ERROR_BASE + 29), 100 "SSL received a malformed Server Hello handshake message.") 101 102 ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE, (SSL_ERROR_BASE + 30), 103 "SSL received a malformed Certificate handshake message.") 104 105 ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 31), 106 "SSL received a malformed Server Key Exchange handshake message.") 107 108 ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST, (SSL_ERROR_BASE + 32), 109 "SSL received a malformed Certificate Request handshake message.") 110 111 ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE, (SSL_ERROR_BASE + 33), 112 "SSL received a malformed Server Hello Done handshake message.") 113 114 ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, (SSL_ERROR_BASE + 34), 115 "SSL received a malformed Certificate Verify handshake message.") 116 117 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 35), 118 "SSL received a malformed Client Key Exchange handshake message.") 119 120 ER3(SSL_ERROR_RX_MALFORMED_FINISHED, (SSL_ERROR_BASE + 36), 121 "SSL received a malformed Finished handshake message.") 122 123 /* 124 * Received a malformed (too long or short) SSL record. 125 */ 126 ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER, (SSL_ERROR_BASE + 37), 127 "SSL received a malformed Change Cipher Spec record.") 128 129 ER3(SSL_ERROR_RX_MALFORMED_ALERT, (SSL_ERROR_BASE + 38), 130 "SSL received a malformed Alert record.") 131 132 ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE, (SSL_ERROR_BASE + 39), 133 "SSL received a malformed Handshake record.") 134 135 ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA, (SSL_ERROR_BASE + 40), 136 "SSL received a malformed Application Data record.") 137 138 /* 139 * Received an SSL handshake that was inappropriate for the state we're in. 140 * E.g. Server received message from server, or wrong state in state machine. 141 */ 142 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST, (SSL_ERROR_BASE + 41), 143 "SSL received an unexpected Hello Request handshake message.") 144 145 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO, (SSL_ERROR_BASE + 42), 146 "SSL received an unexpected Client Hello handshake message.") 147 148 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO, (SSL_ERROR_BASE + 43), 149 "SSL received an unexpected Server Hello handshake message.") 150 151 ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, (SSL_ERROR_BASE + 44), 152 "SSL received an unexpected Certificate handshake message.") 153 154 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 45), 155 "SSL received an unexpected Server Key Exchange handshake message.") 156 157 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST, (SSL_ERROR_BASE + 46), 158 "SSL received an unexpected Certificate Request handshake message.") 159 160 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE, (SSL_ERROR_BASE + 47), 161 "SSL received an unexpected Server Hello Done handshake message.") 162 163 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, (SSL_ERROR_BASE + 48), 164 "SSL received an unexpected Certificate Verify handshake message.") 165 166 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 49), 167 "SSL received an unexpected Client Key Exchange handshake message.") 168 169 ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED, (SSL_ERROR_BASE + 50), 170 "SSL received an unexpected Finished handshake message.") 171 172 /* 173 * Received an SSL record that was inappropriate for the state we're in. 174 */ 175 ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER, (SSL_ERROR_BASE + 51), 176 "SSL received an unexpected Change Cipher Spec record.") 177 178 ER3(SSL_ERROR_RX_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 52), 179 "SSL received an unexpected Alert record.") 180 181 ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE, (SSL_ERROR_BASE + 53), 182 "SSL received an unexpected Handshake record.") 183 184 ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), 185 "SSL received an unexpected Application Data record.") 186 187 /* 188 * Received record/message with unknown discriminant. 189 */ 190 ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, (SSL_ERROR_BASE + 55), 191 "SSL received a record with an unknown content type.") 192 193 ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE, (SSL_ERROR_BASE + 56), 194 "SSL received a handshake message with an unknown message type.") 195 196 ER3(SSL_ERROR_RX_UNKNOWN_ALERT, (SSL_ERROR_BASE + 57), 197 "SSL received an alert record with an unknown alert description.") 198 199 /* 200 * Received an alert reporting what we did wrong. (more alerts above) 201 */ 202 ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT, (SSL_ERROR_BASE + 58), 203 "SSL peer has closed this connection.") 204 205 ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 59), 206 "SSL peer was not expecting a handshake message it received.") 207 208 ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT, (SSL_ERROR_BASE + 60), 209 "SSL peer was unable to successfully decompress an SSL record it received.") 210 211 ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT, (SSL_ERROR_BASE + 61), 212 "SSL peer was unable to negotiate an acceptable set of security parameters.") 213 214 ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, (SSL_ERROR_BASE + 62), 215 "SSL peer rejected a handshake message for unacceptable content.") 216 217 ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT, (SSL_ERROR_BASE + 63), 218 "SSL peer does not support certificates of the type it received.") 219 220 ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT, (SSL_ERROR_BASE + 64), 221 "SSL peer had some unspecified issue with the certificate it received.") 222 223 ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE, (SSL_ERROR_BASE + 65), 224 "SSL experienced a failure of its random number generator.") 225 226 ER3(SSL_ERROR_SIGN_HASHES_FAILURE, (SSL_ERROR_BASE + 66), 227 "Unable to digitally sign data required to verify your certificate.") 228 229 ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE, (SSL_ERROR_BASE + 67), 230 "SSL was unable to extract the public key from the peer's certificate.") 231 232 ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 68), 233 "Unspecified failure while processing SSL Server Key Exchange handshake.") 234 235 ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 69), 236 "Unspecified failure while processing SSL Client Key Exchange handshake.") 237 238 ER3(SSL_ERROR_ENCRYPTION_FAILURE, (SSL_ERROR_BASE + 70), 239 "Bulk data encryption algorithm failed in selected cipher suite.") 240 241 ER3(SSL_ERROR_DECRYPTION_FAILURE, (SSL_ERROR_BASE + 71), 242 "Bulk data decryption algorithm failed in selected cipher suite.") 243 244 ER3(SSL_ERROR_SOCKET_WRITE_FAILURE, (SSL_ERROR_BASE + 72), 245 "Attempt to write encrypted data to underlying socket failed.") 246 247 ER3(SSL_ERROR_MD5_DIGEST_FAILURE, (SSL_ERROR_BASE + 73), 248 "MD5 digest function failed.") 249 250 ER3(SSL_ERROR_SHA_DIGEST_FAILURE, (SSL_ERROR_BASE + 74), 251 "SHA-1 digest function failed.") 252 253 ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE, (SSL_ERROR_BASE + 75), 254 "MAC computation failed.") 255 256 ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE, (SSL_ERROR_BASE + 76), 257 "Failure to create Symmetric Key context.") 258 259 ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE, (SSL_ERROR_BASE + 77), 260 "Failure to unwrap the Symmetric key in Client Key Exchange message.") 261 262 ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED, (SSL_ERROR_BASE + 78), 263 "SSL Server attempted to use domestic-grade public key with export cipher suite.") 264 265 ER3(SSL_ERROR_IV_PARAM_FAILURE, (SSL_ERROR_BASE + 79), 266 "PKCS11 code failed to translate an IV into a param.") 267 268 ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, (SSL_ERROR_BASE + 80), 269 "Failed to initialize the selected cipher suite.") 270 271 ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE, (SSL_ERROR_BASE + 81), 272 "Client failed to generate session keys for SSL session.") 273 274 ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG, (SSL_ERROR_BASE + 82), 275 "Server has no key for the attempted key exchange algorithm.") 276 277 ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL, (SSL_ERROR_BASE + 83), 278 "PKCS#11 token was inserted or removed while operation was in progress.") 279 280 ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND, (SSL_ERROR_BASE + 84), 281 "No PKCS#11 token could be found to do a required operation.") 282 283 ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP, (SSL_ERROR_BASE + 85), 284 "Cannot communicate securely with peer: no common compression algorithm(s).") 285 286 ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED, (SSL_ERROR_BASE + 86), 287 "Cannot perform the operation until the handshake is complete.") 288 289 ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, (SSL_ERROR_BASE + 87), 290 "Received incorrect handshakes hash values from peer.") 291 292 ER3(SSL_ERROR_CERT_KEA_MISMATCH, (SSL_ERROR_BASE + 88), 293 "The certificate provided cannot be used with the selected authentication type.") 294 295 ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA, (SSL_ERROR_BASE + 89), 296 "No certificate authority is trusted for SSL client authentication.") 297 298 ER3(SSL_ERROR_SESSION_NOT_FOUND, (SSL_ERROR_BASE + 90), 299 "Client's SSL session ID not found in server's session cache.") 300 301 ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT, (SSL_ERROR_BASE + 91), 302 "Peer was unable to decrypt an SSL record it received.") 303 304 ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT, (SSL_ERROR_BASE + 92), 305 "Peer received an SSL record that was longer than is permitted.") 306 307 ER3(SSL_ERROR_UNKNOWN_CA_ALERT, (SSL_ERROR_BASE + 93), 308 "Peer does not recognize and trust the CA that issued your certificate.") 309 310 ER3(SSL_ERROR_ACCESS_DENIED_ALERT, (SSL_ERROR_BASE + 94), 311 "Peer received a valid certificate, but access was denied.") 312 313 ER3(SSL_ERROR_DECODE_ERROR_ALERT, (SSL_ERROR_BASE + 95), 314 "Peer could not decode an SSL handshake message.") 315 316 ER3(SSL_ERROR_DECRYPT_ERROR_ALERT, (SSL_ERROR_BASE + 96), 317 "Peer reports failure of signature verification or key exchange.") 318 319 ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT, (SSL_ERROR_BASE + 97), 320 "Peer reports negotiation not in compliance with export regulations.") 321 322 ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT, (SSL_ERROR_BASE + 98), 323 "Peer reports incompatible or unsupported protocol version.") 324 325 ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT, (SSL_ERROR_BASE + 99), 326 "Server requires ciphers more secure than those supported by client.") 327 328 ER3(SSL_ERROR_INTERNAL_ERROR_ALERT, (SSL_ERROR_BASE + 100), 329 "Peer reports it experienced an internal error.") 330 331 ER3(SSL_ERROR_USER_CANCELED_ALERT, (SSL_ERROR_BASE + 101), 332 "Peer user canceled handshake.") 333 334 ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT, (SSL_ERROR_BASE + 102), 335 "Peer does not permit renegotiation of SSL security parameters.") 336 337 ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED, (SSL_ERROR_BASE + 103), 338 "SSL server cache not configured and not disabled for this socket.") 339 340 ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT, (SSL_ERROR_BASE + 104), 341 "SSL peer does not support requested TLS hello extension.") 342 343 ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT, (SSL_ERROR_BASE + 105), 344 "SSL peer could not obtain your certificate from the supplied URL.") 345 346 ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT, (SSL_ERROR_BASE + 106), 347 "SSL peer has no certificate for the requested DNS name.") 348 349 ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT, (SSL_ERROR_BASE + 107), 350 "SSL peer was unable to get an OCSP response for its certificate.") 351 352 ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT, (SSL_ERROR_BASE + 108), 353 "SSL peer reported bad certificate hash value.") 354 355 ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109), 356 "SSL received an unexpected New Session Ticket handshake message.") 357 358 ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110), 359 "SSL received a malformed New Session Ticket handshake message.") 360 361 ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111), 362 "SSL received a compressed record that could not be decompressed.") 363 364 ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112), 365 "Renegotiation is not allowed on this SSL socket.") 366 367 ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113), 368 "Peer attempted old style (potentially vulnerable) handshake.") 369 370 ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114), 371 "SSL received an unexpected uncompressed record.") 372 373 ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115), 374 "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.") 375 376 ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116), 377 "SSL received invalid ALPN extension data.") 378 379 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117), 380 "SSL feature not supported for SSL 2.0 connections.") 381 382 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118), 383 "SSL feature not supported for servers.") 384 385 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119), 386 "SSL feature not supported for clients.") 387 388 ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120), 389 "SSL version range is not valid.") 390 391 ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 121), 392 "SSL peer selected a cipher suite disallowed for the selected protocol version.") 393 394 ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 122), 395 "SSL received a malformed Hello Verify Request handshake message.") 396 397 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123), 398 "SSL received an unexpected Hello Verify Request handshake message.") 399 400 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124), 401 "SSL feature not supported for the protocol version.") 402 403 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125), 404 "SSL received an unexpected Certificate Status handshake message.") 405 406 ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126), 407 "Unsupported hash algorithm used by TLS peer.") 408 409 ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127), 410 "Digest function failed.") 411 412 ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128), 413 "Incorrect signature algorithm specified in a digitally-signed element.") 414 415 ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129), 416 "The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.") 417 418 ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), 419 "The server supports no protocols that the client advertises in the ALPN extension.") 420 421 ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131), 422 "The server rejected the handshake because the client downgraded to a lower " 423 "TLS version than the server supports.") 424 425 ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132), 426 "The server certificate included a public key that was too weak.") 427 428 ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133), 429 "Not enough room in buffer for DTLS record.") 430 431 ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134), 432 "No supported TLS signature algorithm was configured.") 433 434 ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135), 435 "The peer used an unsupported combination of signature and hash algorithm.") 436 437 ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136), 438 "The peer tried to resume without a correct extended_master_secret extension") 439 440 ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137), 441 "The peer tried to resume with an unexpected extended_master_secret extension") 442 443 ER3(SSL_ERROR_RX_MALFORMED_KEY_SHARE, (SSL_ERROR_BASE + 138), 444 "SSL received a malformed Key Share extension.") 445 446 ER3(SSL_ERROR_MISSING_KEY_SHARE, (SSL_ERROR_BASE + 139), 447 "SSL expected a Key Share extension.") 448 449 ER3(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE, (SSL_ERROR_BASE + 140), 450 "SSL received a malformed ECDHE key share handshake extension.") 451 452 ER3(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE, (SSL_ERROR_BASE + 141), 453 "SSL received a malformed DHE key share handshake extension.") 454 455 ER3(SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 142), 456 "SSL received an unexpected Encrypted Extensions handshake message.") 457 458 ER3(SSL_ERROR_MISSING_EXTENSION_ALERT, (SSL_ERROR_BASE + 143), 459 "SSL received a missing_extension alert.") 460 461 ER3(SSL_ERROR_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 144), 462 "SSL had an error performing key exchange.") 463 464 ER3(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 145), 465 "SSL received an extension that is not permitted for this version.") 466 467 ER3(SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 146), 468 "SSL received a malformed Encrypted Extensions handshake message.") 469 470 ER3(SSL_ERROR_RX_MALFORMED_PRE_SHARED_KEY, (SSL_ERROR_BASE + 147), 471 "SSL received an invalid PreSharedKey extension.") 472 473 ER3(SSL_ERROR_RX_MALFORMED_EARLY_DATA, (SSL_ERROR_BASE + 148), 474 "SSL received an invalid EarlyData extension.") 475 476 UNUSED_ERROR(149) 477 478 ER3(SSL_ERROR_MISSING_ALPN_EXTENSION, (SSL_ERROR_BASE + 150), 479 "SSL didn't receive an expected ALPN extension.") 480 481 ER3(SSL_ERROR_RX_UNEXPECTED_EXTENSION, (SSL_ERROR_BASE + 151), 482 "SSL received an unexpected extension.") 483 484 ER3(SSL_ERROR_MISSING_SUPPORTED_GROUPS, (SSL_ERROR_BASE + 152), 485 "SSL expected a supported groups extension.") 486 487 ER3(SSL_ERROR_TOO_MANY_RECORDS, (SSL_ERROR_BASE + 153), 488 "SSL sent or received too many records with the same symmetric key.") 489 490 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST, (SSL_ERROR_BASE + 154), 491 "SSL received an unexpected Hello Retry Request handshake message.") 492 493 ER3(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST, (SSL_ERROR_BASE + 155), 494 "SSL received a malformed Hello Retry Request handshake message.") 495 496 ER3(SSL_ERROR_BAD_2ND_CLIENT_HELLO, (SSL_ERROR_BASE + 156), 497 "SSL received a second Client Hello message without a usable key share.") 498 499 ER3(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION, (SSL_ERROR_BASE + 157), 500 "SSL expected a signature algorithms extension.") 501 502 ER3(SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 158), 503 "SSL received a malformed PSK key exchange modes extension.") 504 505 ER3(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 159), 506 "SSL expected a PSK key exchange modes extension.") 507 508 ER3(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA, (SSL_ERROR_BASE + 160), 509 "SSL got a pre-TLS 1.3 version even though we sent early data.") 510 511 ER3(SSL_ERROR_TOO_MUCH_EARLY_DATA, (SSL_ERROR_BASE + 161), 512 "SSL received more early data than permitted.") 513 514 ER3(SSL_ERROR_RX_UNEXPECTED_END_OF_EARLY_DATA, (SSL_ERROR_BASE + 162), 515 "SSL received an unexpected End of Early Data message.") 516 517 ER3(SSL_ERROR_RX_MALFORMED_END_OF_EARLY_DATA, (SSL_ERROR_BASE + 163), 518 "SSL received a malformed End of Early Data message.") 519 520 ER3(SSL_ERROR_UNSUPPORTED_EXPERIMENTAL_API, (SSL_ERROR_BASE + 164), 521 "An experimental API was called, but not supported.") 522 523 ER3(SSL_ERROR_APPLICATION_ABORT, (SSL_ERROR_BASE + 165), 524 "SSL handshake aborted by the application.") 525 526 ER3(SSL_ERROR_APP_CALLBACK_ERROR, (SSL_ERROR_BASE + 166), 527 "An application callback produced an invalid response.") 528 529 ER3(SSL_ERROR_NO_TIMERS_ERROR, (SSL_ERROR_BASE + 167), 530 "No timers are currently running.") 531 532 ER3(SSL_ERROR_MISSING_COOKIE_EXTENSION, (SSL_ERROR_BASE + 168), 533 "A second ClientHello was received without a cookie extension.") 534 535 ER3(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE, (SSL_ERROR_BASE + 169), 536 "SSL received an unexpected key update message.") 537 538 ER3(SSL_ERROR_RX_MALFORMED_KEY_UPDATE, (SSL_ERROR_BASE + 170), 539 "SSL received a malformed key update message.") 540 541 ER3(SSL_ERROR_TOO_MANY_KEY_UPDATES, (SSL_ERROR_BASE + 171), 542 "SSL attempted too many key updates.") 543 544 ER3(SSL_ERROR_HANDSHAKE_FAILED, (SSL_ERROR_BASE + 172), 545 "SSL handshake has already failed. No more operations possible.") 546 547 ER3(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR, (SSL_ERROR_BASE + 173), 548 "SSL received an invalid resumption token.") 549 550 ER3(SSL_ERROR_RX_MALFORMED_DTLS_ACK, (SSL_ERROR_BASE + 174), 551 "SSL received a malformed DTLS ACK") 552 553 ER3(SSL_ERROR_DH_KEY_TOO_LONG, (SSL_ERROR_BASE + 175), 554 "SSL received a DH key share that's too long (>8192 bit).") 555 556 ER3(SSL_ERROR_RX_MALFORMED_ESNI_KEYS, (SSL_ERROR_BASE + 176), 557 "SSL received a malformed ESNI keys structure") 558 559 ER3(SSL_ERROR_RX_MALFORMED_ESNI_EXTENSION, (SSL_ERROR_BASE + 177), 560 "SSL received a malformed ESNI extension") 561 562 ER3(SSL_ERROR_MISSING_ESNI_EXTENSION, (SSL_ERROR_BASE + 178), 563 "SSL did not receive an ESNI extension") 564 565 ER3(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE, (SSL_ERROR_BASE + 179), 566 "SSL received an unexpected record type.") 567 568 ER3(SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION, (SSL_ERROR_BASE + 180), 569 "SSL cannot send a CertificateRequest because the client doesn't support post-handshake authentication.") 570 571 ER3(SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT, (SSL_ERROR_BASE + 181), 572 "SSL received a certificate_required alert.") 573 574 ER3(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH, (SSL_ERROR_BASE + 182), 575 "SSL received a delegated credential with unexpected certificate verification algorithm.") 576 577 ER3(SSL_ERROR_DC_BAD_SIGNATURE, (SSL_ERROR_BASE + 183), 578 "SSL received a delegated credential with an invalid signature.") 579 580 ER3(SSL_ERROR_DC_INVALID_KEY_USAGE, (SSL_ERROR_BASE + 184), 581 "SSL received a delegated credential from a certificate with invalid key usage.") 582 583 ER3(SSL_ERROR_DC_EXPIRED, (SSL_ERROR_BASE + 185), 584 "SSL received a delegated credential that expired.") 585 586 ER3(SSL_ERROR_DC_INAPPROPRIATE_VALIDITY_PERIOD, (SSL_ERROR_BASE + 186), 587 "SSL received a delegated credential with excessive TTL.") 588 589 ER3(SSL_ERROR_FEATURE_DISABLED, (SSL_ERROR_BASE + 187), 590 "The requested feature is disabled.") 591 592 ER3(SSL_ERROR_ECH_RETRY_WITH_ECH, (SSL_ERROR_BASE + 188), 593 "TLS ECH was rejected, but verification succeeded and compatible retry_configs are available.") 594 595 ER3(SSL_ERROR_ECH_RETRY_WITHOUT_ECH, (SSL_ERROR_BASE + 189), 596 "TLS ECH was rejected, but verification succeeded and no compatible retry_configs were found.") 597 598 ER3(SSL_ERROR_ECH_FAILED, (SSL_ERROR_BASE + 190), 599 "TLS ECH was rejected and verification failed.") 600 601 ER3(SSL_ERROR_ECH_REQUIRED_ALERT, (SSL_ERROR_BASE + 191), 602 "SSL peer reported ECH required.") 603