version 1.77, 2016/09/19 12:57:45 |
version 1.78, 2016/09/20 16:40:05 |
|
|
Some of the error codes are defined but never returned: these are described as |
Some of the error codes are defined but never returned: these are described as |
.Qq unused . |
.Qq unused . |
.Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |
.It "0 X509_V_OK: ok" |
.It 0 X509_V_OK |
The operation was successful. |
The operation was successful. |
.It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate |
.It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT |
The issuer certificate could not be found: this occurs if the issuer certificate |
The issuer certificate of an untrusted certificate could not be found. |
of an untrusted certificate cannot be found. |
.It 3 X509_V_ERR_UNABLE_TO_GET_CRL |
.It 3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL |
|
The CRL of a certificate could not be found. |
The CRL of a certificate could not be found. |
.It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature |
.It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE |
The certificate signature could not be decrypted. |
The certificate signature could not be decrypted. |
This means that the actual signature value could not be determined rather |
This means that the actual signature value could not be determined |
than it not matching the expected value. |
rather than it not matching the expected value. |
This is only meaningful for RSA keys. |
This is only meaningful for RSA keys. |
.It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature |
.It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE |
The CRL signature could not be decrypted: this means that the actual |
The CRL signature could not be decrypted. |
signature value could not be determined rather than it not matching the |
This means that the actual signature value could not be determined |
expected value. |
rather than it not matching the expected value. |
Unused. |
Unused. |
.It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key |
.It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY |
The public key in the certificate |
The public key in the certificate |
.Cm SubjectPublicKeyInfo |
.Cm SubjectPublicKeyInfo |
could not be read. |
could not be read. |
.It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure |
.It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE |
The signature of the certificate is invalid. |
The signature of the certificate is invalid. |
.It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure |
.It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE |
The signature of the certificate is invalid. |
The signature of the certificate is invalid. |
.It 9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid |
.It 9 X509_V_ERR_CERT_NOT_YET_VALID |
The certificate is not yet valid: the |
The certificate is not yet valid: the |
.Cm notBefore |
.Cm notBefore |
date is after the current time. |
date is after the current time. |
.It 10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired |
.It 10 X509_V_ERR_CERT_HAS_EXPIRED |
The certificate has expired; that is, the |
The certificate has expired; that is, the |
.Cm notAfter |
.Cm notAfter |
date is before the current time. |
date is before the current time. |
.It 11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid |
.It 11 X509_V_ERR_CRL_NOT_YET_VALID |
The CRL is not yet valid. |
The CRL is not yet valid. |
.It 12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired |
.It 12 X509_V_ERR_CRL_HAS_EXPIRED |
The CRL has expired. |
The CRL has expired. |
.It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field |
.It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD |
The certificate |
The certificate |
.Cm notBefore |
.Cm notBefore |
field contains an invalid time. |
field contains an invalid time. |
.It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field |
.It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD |
The certificate |
The certificate |
.Cm notAfter |
.Cm notAfter |
field contains an invalid time. |
field contains an invalid time. |
.It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field |
.It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD |
The CRL |
The CRL |
.Cm lastUpdate |
.Cm lastUpdate |
field contains an invalid time. |
field contains an invalid time. |
.It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field |
.It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD |
The CRL |
The CRL |
.Cm nextUpdate |
.Cm nextUpdate |
field contains an invalid time. |
field contains an invalid time. |
.It 17 X509_V_ERR_OUT_OF_MEM: out of memory |
.It 17 X509_V_ERR_OUT_OF_MEM |
An error occurred trying to allocate memory. |
An error occurred trying to allocate memory. |
This should never happen. |
This should never happen. |
.It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate |
.It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT |
The passed certificate is self-signed and the same certificate cannot be |
The passed certificate is self-signed and the same certificate cannot be |
found in the list of trusted certificates. |
found in the list of trusted certificates. |
.It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain |
.It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN |
The certificate chain could be built up using the untrusted certificates but |
The certificate chain could be built up using the untrusted certificates but |
the root could not be found locally. |
the root could not be found locally. |
.It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate |
.It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY |
The issuer certificate of a locally looked up certificate could not be found. |
The issuer certificate of a locally looked up certificate could not be found. |
This normally means the list of trusted certificates is not complete. |
This normally means the list of trusted certificates is not complete. |
.It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate |
.It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE |
No signatures could be verified because the chain contains only one |
No signatures could be verified because the chain contains only one |
certificate and it is not self-signed. |
certificate and it is not self-signed. |
.It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long |
.It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG |
The certificate chain length is greater than the supplied maximum depth. |
The certificate chain length is greater than the supplied maximum depth. |
Unused. |
Unused. |
.It 23 X509_V_ERR_CERT_REVOKED: certificate revoked |
.It 23 X509_V_ERR_CERT_REVOKED |
The certificate has been revoked. |
The certificate has been revoked. |
.It 24 X509_V_ERR_INVALID_CA: invalid CA certificate |
.It 24 X509_V_ERR_INVALID_CA |
A CA certificate is invalid. |
A CA certificate is invalid. |
Either it is not a CA or its extensions are not consistent |
Either it is not a CA or its extensions are not consistent |
with the supplied purpose. |
with the supplied purpose. |
.It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded |
.It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED |
The |
The |
.Cm basicConstraints |
.Cm basicConstraints |
pathlength parameter has been exceeded. |
pathlength parameter has been exceeded. |
.It 26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose |
.It 26 X509_V_ERR_INVALID_PURPOSE |
The supplied certificate cannot be used for the specified purpose. |
The supplied certificate cannot be used for the specified purpose. |
.It 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted |
.It 27 X509_V_ERR_CERT_UNTRUSTED |
The root CA is not marked as trusted for the specified purpose. |
The root CA is not marked as trusted for the specified purpose. |
.It 28 X509_V_ERR_CERT_REJECTED: certificate rejected |
.It 28 X509_V_ERR_CERT_REJECTED |
The root CA is marked to reject the specified purpose. |
The root CA is marked to reject the specified purpose. |
.It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch |
.It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH |
The current candidate issuer certificate was rejected because its subject name |
The current candidate issuer certificate was rejected because its subject name |
did not match the issuer name of the current certificate. |
did not match the issuer name of the current certificate. |
Only displayed when the |
Only displayed when the |
.Fl issuer_checks |
.Fl issuer_checks |
option is set. |
option is set. |
.It 30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch |
.It 30 X509_V_ERR_AKID_SKID_MISMATCH |
The current candidate issuer certificate was rejected because its subject key |
The current candidate issuer certificate was rejected because its subject key |
identifier was present and did not match the authority key identifier current |
identifier was present and did not match the authority key identifier current |
certificate. |
certificate. |
Only displayed when the |
Only displayed when the |
.Fl issuer_checks |
.Fl issuer_checks |
option is set. |
option is set. |
.It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch |
.It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH |
The current candidate issuer certificate was rejected because its issuer name |
The current candidate issuer certificate was rejected because its issuer name |
and serial number were present and did not match the authority key identifier |
and serial number were present and did not match the authority key identifier |
of the current certificate. |
of the current certificate. |
Only displayed when the |
Only displayed when the |
.Fl issuer_checks |
.Fl issuer_checks |
option is set. |
option is set. |
.It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing |
.It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN |
The current candidate issuer certificate was rejected because its |
The current candidate issuer certificate was rejected because its |
.Cm keyUsage |
.Cm keyUsage |
extension does not permit certificate signing. |
extension does not permit certificate signing. |
.It 50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure |
.It 50 X509_V_ERR_APPLICATION_VERIFICATION |
An application specific error. |
An application specific error. |
Unused. |
Unused. |
.El |
.El |