1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/*
* Path validation result enums
* (C) 2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_X509_PATH_RESULT_H_
#define BOTAN_X509_PATH_RESULT_H_
#include <botan/types.h>
namespace Botan {
/**
* Certificate validation status code
*/
enum class Certificate_Status_Code {
OK = 0,
VERIFIED = 0,
// Revocation status
OCSP_RESPONSE_GOOD = 1,
OCSP_SIGNATURE_OK = 2,
VALID_CRL_CHECKED = 3,
OCSP_NO_HTTP = 4,
// Errors
FIRST_ERROR_STATUS = 1000,
SIGNATURE_METHOD_TOO_WEAK = 1000,
UNTRUSTED_HASH = 1001,
NO_REVOCATION_DATA = 1002,
// Time problems
CERT_NOT_YET_VALID = 2000,
CERT_HAS_EXPIRED = 2001,
OCSP_NOT_YET_VALID = 2002,
OCSP_HAS_EXPIRED = 2003,
CRL_NOT_YET_VALID = 2004,
CRL_HAS_EXPIRED = 2005,
// Chain generation problems
CERT_ISSUER_NOT_FOUND = 3000,
CANNOT_ESTABLISH_TRUST = 3001,
CERT_CHAIN_LOOP = 3002,
CHAIN_LACKS_TRUST_ROOT = 3003,
CHAIN_NAME_MISMATCH = 3004,
// Validation errors
POLICY_ERROR = 4000,
INVALID_USAGE = 4001,
CERT_CHAIN_TOO_LONG = 4002,
CA_CERT_NOT_FOR_CERT_ISSUER = 4003,
NAME_CONSTRAINT_ERROR = 4004,
// Revocation errors
CA_CERT_NOT_FOR_CRL_ISSUER = 4005,
OCSP_CERT_NOT_LISTED = 4006,
OCSP_BAD_STATUS = 4007,
// Other problems
CERT_NAME_NOMATCH = 4008,
UNKNOWN_CRITICAL_EXTENSION = 4009,
OCSP_SIGNATURE_ERROR = 4501,
OCSP_ISSUER_NOT_FOUND = 4502,
OCSP_RESPONSE_MISSING_KEYUSAGE = 4503,
OCSP_RESPONSE_INVALID = 4504,
// Hard failures
CERT_IS_REVOKED = 5000,
CRL_BAD_SIGNATURE = 5001,
SIGNATURE_ERROR = 5002,
CERT_PUBKEY_INVALID = 5003,
SIGNATURE_ALGO_UNKNOWN = 5004,
SIGNATURE_ALGO_BAD_PARAMS = 5005
};
/**
* Convert a status code to a human readable diagnostic message
* @param code the certifcate status
* @return string literal constant, or nullptr if code unknown
*/
BOTAN_PUBLIC_API(2,0) const char* to_string(Certificate_Status_Code code);
}
#endif
|