Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).

author: Lutz Jänicke <jaenicke@openssl.org> 2002-03-19 16:42:09 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-03-19 16:42:09 +0000
commit: 11c26ecf810bbeb0293921b86cd75f61809947b0 (patch)
tree: 770a615f9057d60a39d69477694347e1c4d5634a /ssl/s3_both.c
parent: 99d5b23023a9190f3cea08713e6ec0c7640e7650 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index c69e8d2308..89b54b71d3 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -548,6 +548,8 @@ int ssl_verify_alarm_type(long type)
 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_CRL_NOT_YET_VALID:
+	case X509_V_ERR_CERT_UNTRUSTED:
+	case X509_V_ERR_CERT_REJECTED:
 		al=SSL_AD_BAD_CERTIFICATE;
 		break;
 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -569,11 +571,16 @@ int ssl_verify_alarm_type(long type)
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+	case X509_V_ERR_INVALID_CA:
 		al=SSL_AD_UNKNOWN_CA;
 		break;
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		al=SSL_AD_HANDSHAKE_FAILURE;
 		break;
+	case X509_V_ERR_INVALID_PURPOSE:
+		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+		break;
 	default:
 		al=SSL_AD_CERTIFICATE_UNKNOWN;
 		break;
author	Lutz Jänicke <jaenicke@openssl.org>	2002-03-19 16:42:09 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-03-19 16:42:09 +0000
commit	11c26ecf810bbeb0293921b86cd75f61809947b0 (patch)
tree	770a615f9057d60a39d69477694347e1c4d5634a /ssl/s3_both.c
parent	99d5b23023a9190f3cea08713e6ec0c7640e7650 (diff)