tls_dump_vf.c

00001 /*
00002  * $Id$
00003  *
00004  * Copyright (C) 2006 enum.at
00005  *
00006  * This file is part of SIP-router, a free SIP server.
00007  *
00008  * SIP-router is free software; you can redistribute it and/or modify
00009  * it under the terms of the GNU General Public License as published by
00010  * the Free Software Foundation; either version 2 of the License, or
00011  * (at your option) any later version
00012  *
00013  * SIP-router is distributed in the hope that it will be useful,
00014  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  * GNU General Public License for more details.
00017  *
00018  * You should have received a copy of the GNU General Public License 
00019  * along with this program; if not, write to the Free Software 
00020  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00021  */
00027 /*
00028  * History:
00029  * --------
00030  *  2010-05-20  split from tls_server.c
00031 */
00032 
00033 #include "tls_dump_vf.h"
00034 
00035 #include <openssl/ssl.h>
00036 #include "../../dprint.h"
00037 #include "tls_mod.h"
00038 #include "tls_cfg.h"
00039 
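/**
 * Log a human-readable reason for a failed X.509 certificate verification.
 *
 * The function only reports; it takes no part in deciding whether the
 * connection is accepted. The message is emitted at the level read from
 * the tls configuration group ("log" setting).
 *
 * @param verification_result  an OpenSSL X509_V_* verification result code
 *                             (presumably the value returned by
 *                             SSL_get_verify_result(); confirm against the
 *                             caller).
 *
 * Codes without a dedicated message are still logged through
 * X509_verify_cert_error_string(), so a rejected certificate never fails
 * silently: result codes added by newer OpenSSL releases would otherwise
 * leave no trace of why the peer was refused.
 */
void tls_dump_verification_failure(long verification_result)
{
	int tls_log;

	/* log level for TLS diagnostics, taken from the runtime configuration */
	tls_log = cfg_get(tls, tls_cfg, log);
	switch(verification_result) {
	case X509_V_OK:
		/* not a failure: nothing to report */
		break;
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
		LOG(tls_log, "verification failure: unable to get issuer certificate\n");
		break;
	case X509_V_ERR_UNABLE_TO_GET_CRL:
		LOG(tls_log, "verification failure: unable to get certificate CRL\n");
		break;
	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
		LOG(tls_log, "verification failure: unable to decrypt certificate's signature\n");
		break;
	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
		LOG(tls_log, "verification failure: unable to decrypt CRL's signature\n");
		break;
	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
		LOG(tls_log, "verification failure: unable to decode issuer public key\n");
		break;
	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
		LOG(tls_log, "verification failure: certificate signature failure\n");
		break;
	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
		LOG(tls_log, "verification failure: CRL signature failure\n");
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
		LOG(tls_log, "verification failure: certificate is not yet valid\n");
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
		LOG(tls_log, "verification failure: certificate has expired\n");
		break;
	case X509_V_ERR_CRL_NOT_YET_VALID:
		LOG(tls_log, "verification failure: CRL is not yet valid\n");
		break;
	case X509_V_ERR_CRL_HAS_EXPIRED:
		LOG(tls_log, "verification failure: CRL has expired\n");
		break;
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		LOG(tls_log, "verification failure: format error in certificate's notBefore field\n");
		break;
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		LOG(tls_log, "verification failure: format error in certificate's notAfter field\n");
		break;
	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
		LOG(tls_log, "verification failure: format error in CRL's lastUpdate field\n");
		break;
	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
		LOG(tls_log, "verification failure: format error in CRL's nextUpdate field\n");
		break;
	case X509_V_ERR_OUT_OF_MEM:
		LOG(tls_log, "verification failure: out of memory\n");
		break;
	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
		LOG(tls_log, "verification failure: self signed certificate\n");
		break;
	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
		LOG(tls_log, "verification failure: self signed certificate in certificate chain\n");
		break;
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
		LOG(tls_log, "verification failure: unable to get local issuer certificate\n");
		break;
	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
		LOG(tls_log, "verification failure: unable to verify the first certificate\n");
		break;
	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
		LOG(tls_log, "verification failure: certificate chain too long\n");
		break;
	case X509_V_ERR_CERT_REVOKED:
		LOG(tls_log, "verification failure: certificate revoked\n");
		break;
	case X509_V_ERR_INVALID_CA:
		LOG(tls_log, "verification failure: invalid CA certificate\n");
		break;
	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
		LOG(tls_log, "verification failure: path length constraint exceeded\n");
		break;
	case X509_V_ERR_INVALID_PURPOSE:
		LOG(tls_log, "verification failure: unsupported certificate purpose\n");
		break;
	case X509_V_ERR_CERT_UNTRUSTED:
		LOG(tls_log, "verification failure: certificate not trusted\n");
		break;
	case X509_V_ERR_CERT_REJECTED:
		LOG(tls_log, "verification failure: certificate rejected\n");
		break;
	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
		LOG(tls_log, "verification failure: subject issuer mismatch\n");
		break;
	case X509_V_ERR_AKID_SKID_MISMATCH:
		LOG(tls_log, "verification failure: authority and subject key identifier mismatch\n");
		break;
	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
		LOG(tls_log, "verification failure: authority and issuer serial number mismatch\n");
		break;
	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
		LOG(tls_log, "verification failure: key usage does not include certificate signing\n");
		break;
	case X509_V_ERR_APPLICATION_VERIFICATION:
		LOG(tls_log, "verification failure: application verification failure\n");
		break;
	default:
		/* Code not listed above (e.g. one introduced by a newer OpenSSL):
		 * fall back to the library's own description and include the raw
		 * code so the rejection can still be diagnosed from the log. */
		LOG(tls_log, "verification failure: %s (code %ld)\n",
				X509_verify_cert_error_string(verification_result),
				verification_result);
		break;
	}
}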
00146 
00147 
00148 /* vi: set ts=4 sw=4 tw=79:ai:cindent: */