projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
[openssl.git] / ssl / s3_both.c
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index c69e8d230830ed35c86da181473b54774211bb0c..89b54b71d3650dd6c0e328092e2739a57b676a12 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -548,6 +548,8 @@ int ssl_verify_alarm_type(long type)
        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
        case X509_V_ERR_CERT_NOT_YET_VALID:
        case X509_V_ERR_CRL_NOT_YET_VALID:
+       case X509_V_ERR_CERT_UNTRUSTED:
+       case X509_V_ERR_CERT_REJECTED:
                al=SSL_AD_BAD_CERTIFICATE;
                break;
        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -569,11 +571,16 @@ int ssl_verify_alarm_type(long type)
        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+       case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+       case X509_V_ERR_INVALID_CA:
                al=SSL_AD_UNKNOWN_CA;
                break;
        case X509_V_ERR_APPLICATION_VERIFICATION:
                al=SSL_AD_HANDSHAKE_FAILURE;
                break;
+       case X509_V_ERR_INVALID_PURPOSE:
+               al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+               break;
        default:
                al=SSL_AD_CERTIFICATE_UNKNOWN;
                break;
Unnamed repository; edit this file 'description' to name the repository.