add suite B chain validation flags and associated verify errors

[openssl.git] / crypto / x509 / x509_txt.c

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index e444176e90f0efe827828ea3237fa58bb613a78d..699f72ef7697b6f6cebc2051f69cfca4e4cadba4 100644 (file)
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -184,6 +184,19 @@ const char *X509_verify_cert_error_string(long n)
        case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
                return("CRL path validation error");
 
+       case X509_V_ERR_SUITE_B_INVALID_VERSION:
+               return("Suite B: certificate version invalid");
+       case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
+               return("Suite B: invalid public key algorithm");
+       case X509_V_ERR_SUITE_B_INVALID_CURVE:
+               return("Suite B: invalid ECC curve");
+       case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
+               return("Suite B: invalid signature algorithm");
+       case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
+               return("Suite B: curve not allowed for this LOS");
+       case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
+               return("Suite B: cannot sign P-384 with P-256");
+
        case X509_V_ERR_HOSTNAME_MISMATCH:
                return("Hostname mismatch");
        case X509_V_ERR_EMAIL_MISMATCH: