30 PRErrorCode
const errNum;
31 const char * errString;
51 if (
i.errNum == errNum)
61 unsigned int depth =
static_cast<unsigned int>(-1);
62 CERTVerifyLogNode *node =
nullptr;
66 SAL_INFO(
"xmlsecurity.xmlsec",
"Bad certification path:");
67 unsigned long errorFlags = 0;
68 for (node =
log->head; node; node = node->next)
70 if (depth != node->depth)
73 SAL_INFO(
"xmlsecurity.xmlsec",
"Certificate: " << depth <<
74 node->cert->subjectName <<
": " <<
75 (depth ?
"[Certificate Authority]":
""));
77 SAL_INFO(
"xmlsecurity.xmlsec",
" ERROR " << node->error <<
": " <<
79 const char * specificError =
nullptr;
80 const char * issuer =
nullptr;
83 case SEC_ERROR_INADEQUATE_KEY_USAGE:
84 errorFlags =
reinterpret_cast<unsigned long>(node->arg);
87 case KU_DIGITAL_SIGNATURE:
88 specificError =
"Certificate cannot sign.";
90 case KU_KEY_ENCIPHERMENT:
91 specificError =
"Certificate cannot encrypt.";
93 case KU_KEY_CERT_SIGN:
94 specificError =
"Certificate cannot sign other certs.";
97 specificError =
"[unknown usage].";
101 case SEC_ERROR_INADEQUATE_CERT_TYPE:
102 errorFlags =
reinterpret_cast<unsigned long>(node->arg);
105 case NS_CERT_TYPE_SSL_CLIENT:
106 case NS_CERT_TYPE_SSL_SERVER:
107 specificError =
"Certificate cannot be used for SSL.";
109 case NS_CERT_TYPE_SSL_CA:
110 specificError =
"Certificate cannot be used as an SSL CA.";
112 case NS_CERT_TYPE_EMAIL:
113 specificError =
"Certificate cannot be used for SMIME.";
115 case NS_CERT_TYPE_EMAIL_CA:
116 specificError =
"Certificate cannot be used as an SMIME CA.";
118 case NS_CERT_TYPE_OBJECT_SIGNING:
119 specificError =
"Certificate cannot be used for object signing.";
121 case NS_CERT_TYPE_OBJECT_SIGNING_CA:
122 specificError =
"Certificate cannot be used as an object signing CA.";
125 specificError =
"[unknown usage].";
129 case SEC_ERROR_UNKNOWN_ISSUER:
130 specificError =
"Unknown issuer:";
131 issuer = node->cert->issuerName;
133 case SEC_ERROR_UNTRUSTED_ISSUER:
134 specificError =
"Untrusted issuer:";
135 issuer = node->cert->issuerName;
137 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
138 specificError =
"Expired issuer certificate:";
139 issuer = node->cert->issuerName;
145 SAL_INFO(
"xmlsecurity.xmlsec", specificError);
147 SAL_INFO(
"xmlsecurity.xmlsec", issuer);
#define SAL_INFO(area, stream)
const char * getCertError(PRErrorCode errNum)
void printChainFailure(CERTVerifyLog *log)