add suite B chain validation flags and associated verify errors

author: Dr. Stephen Henson <steve@openssl.org> 2012-08-03 13:51:43 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-08-03 13:51:43 +0000
commit: 3ad344a5171c55511adddb96c805e037f2c061be (patch)
tree: b5799e38c260f3f7851369a3d8666b953658c0c2 /crypto/x509/x509_txt.c
parent: 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 9a0911a304..595efcead3 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -185,6 +185,18 @@ const char *X509_verify_cert_error_string(long n)
 		return("CRL path validation error");
 	case X509_V_ERR_PATH_LOOP:
 		return("Path Loop");
+	case X509_V_ERR_SUITE_B_INVALID_VERSION:
+		return("Suite B: certificate version invalid");
+	case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
+		return("Suite B: invalid public key algorithm");
+	case X509_V_ERR_SUITE_B_INVALID_CURVE:
+		return("Suite B: invalid ECC curve");
+	case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
+		return("Suite B: invalid signature algorithm");
+	case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
+		return("Suite B: curve not allowed for this LOS");
+	case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
+		return("Suite B: cannot sign P-384 with P-256");
 
 	default:
 		BIO_snprintf(buf,sizeof buf,"error number %ld",n);
author	Dr. Stephen Henson <steve@openssl.org>	2012-08-03 13:51:43 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-08-03 13:51:43 +0000
commit	3ad344a5171c55511adddb96c805e037f2c061be (patch)
tree	b5799e38c260f3f7851369a3d8666b953658c0c2 /crypto/x509/x509_txt.c
parent	6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (diff)