Merge pull request wolfSSL#8213 from JacobBarthelmeh/compat

adjustments to x509.h macro list
LinuxJedi · Nov 27, 2024 · 9bec6da · 9bec6da
2 parents fbaabbe + 2b11bd4
commit 9bec6da
Showing 1 changed file with 99 additions and 116 deletions.
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
@@ -109,126 +109,109 @@
 #define XN_FLAG_MULTILINE        WOLFSSL_XN_FLAG_MULTILINE
 #define XN_FLAG_ONELINE          WOLFSSL_XN_FLAG_ONELINE
 
+#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
+#define X509_V_ERR_CRL_HAS_EXPIRED   WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
+
 /*
- * All of these aren't actually used in wolfSSL. Some are included to
- * satisfy OpenSSL compatibility consumers to prevent compilation errors.
- * The list was taken from
- * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
- * One requirement for HAProxy is that the values should be literal constants.
+ * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
+ * satisfy OpenSSL compatibility compilation errors.
+ * For HAProxy the values should be literal constants.
  */
 
-#define X509_V_OK                                       0
-#define X509_V_ERR_UNSPECIFIED                          1
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-#define X509_V_ERR_UNABLE_TO_GET_CRL                    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-#define X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-#define X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define X509_V_ERR_CERT_NOT_YET_VALID                   9
-#define X509_V_ERR_CERT_HAS_EXPIRED                     10
-#define X509_V_ERR_CRL_NOT_YET_VALID                    11
-#define X509_V_ERR_CRL_HAS_EXPIRED                      WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-#define X509_V_ERR_OUT_OF_MEM                           17
-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-#define X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-#define X509_V_ERR_CERT_REVOKED                         23
-#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                 24
-#define X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-#define X509_V_ERR_INVALID_PURPOSE                      26
-#define X509_V_ERR_CERT_UNTRUSTED                       27
-#define X509_V_ERR_CERT_REJECTED                        28
-
-/* These are 'informational' when looking for issuer cert */
-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-#define X509_V_ERR_AKID_SKID_MISMATCH                   30
-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-#define X509_V_ERR_INVALID_NON_CA                       37
-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-#define X509_V_ERR_INVALID_EXTENSION                    41
-#define X509_V_ERR_INVALID_POLICY_EXTENSION             42
-#define X509_V_ERR_NO_EXPLICIT_POLICY                   43
-#define X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
-#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-#define X509_V_ERR_UNNESTED_RESOURCE                    46
-#define X509_V_ERR_PERMITTED_VIOLATION                  47
-#define X509_V_ERR_EXCLUDED_VIOLATION                   48
-#define X509_V_ERR_SUBTREE_MINMAX                       49
-/* The application is not happy */
-#define X509_V_ERR_APPLICATION_VERIFICATION             50
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
-#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
-#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
-#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-/* Another issuer check debug option */
-#define X509_V_ERR_PATH_LOOP                            55
-/* Suite B mode algorithm violation */
-#define X509_V_ERR_SUITE_B_INVALID_VERSION              56
-#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
-#define X509_V_ERR_SUITE_B_INVALID_CURVE                58
-#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
-#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+#define X509_V_OK                                      0
+#define X509_V_ERR_UNSPECIFIED                         1
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT           2
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE    4
+#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE     5
+#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY  6
+#define X509_V_ERR_CERT_SIGNATURE_FAILURE              7
+#define X509_V_ERR_CRL_SIGNATURE_FAILURE               8
+#define X509_V_ERR_CERT_NOT_YET_VALID                  9
+#define X509_V_ERR_CERT_HAS_EXPIRED                    10
+#define X509_V_ERR_CRL_NOT_YET_VALID                   11
+#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD      13
+#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD       14
+#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD      15
+#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD      16
+#define X509_V_ERR_OUT_OF_MEM                          17
+#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT         18
+#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN           19
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY   20
+#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE     21
+#define X509_V_ERR_CERT_CHAIN_TOO_LONG                 22
+#define X509_V_ERR_CERT_REVOKED                        23
+#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY                24
+#define X509_V_ERR_PATH_LENGTH_EXCEEDED                25
+#define X509_V_ERR_INVALID_PURPOSE                     26
+#define X509_V_ERR_CERT_UNTRUSTED                      27
+#define X509_V_ERR_CERT_REJECTED                       28
+#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH             29
+#define X509_V_ERR_AKID_SKID_MISMATCH                  30
+#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH         31
+#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN                32
+#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER            33
+#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION        34
+#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                35
+#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION    36
+#define X509_V_ERR_INVALID_NON_CA                      37
+#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED          38
+#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE       39
+#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED      40
+#define X509_V_ERR_INVALID_EXTENSION                   41
+#define X509_V_ERR_INVALID_POLICY_EXTENSION            42
+#define X509_V_ERR_NO_EXPLICIT_POLICY                  43
+#define X509_V_ERR_DIFFERENT_CRL_SCOPE                 44
+#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE       45
+#define X509_V_ERR_UNNESTED_RESOURCE                   46
+#define X509_V_ERR_PERMITTED_VIOLATION                 47
+#define X509_V_ERR_EXCLUDED_VIOLATION                  48
+#define X509_V_ERR_SUBTREE_MINMAX                      49
+#define X509_V_ERR_APPLICATION_VERIFICATION            50
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE         51
+#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX       52
+#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX             53
+#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR           54
+#define X509_V_ERR_PATH_LOOP                           55
+#define X509_V_ERR_SUITE_B_INVALID_VERSION             56
+#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM           57
+#define X509_V_ERR_SUITE_B_INVALID_CURVE               58
+#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED             60
 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
-#define X509_V_ERR_HOSTNAME_MISMATCH                    62
-#define X509_V_ERR_EMAIL_MISMATCH                       63
-#define X509_V_ERR_IP_ADDRESS_MISMATCH                  64
-/* DANE TLSA errors */
-#define X509_V_ERR_DANE_NO_MATCH                        65
-/* security level errors */
-#define X509_V_ERR_EE_KEY_TOO_SMALL                     66
-#define X509_V_ERR_CA_KEY_TOO_SMALL                     67
-#define X509_V_ERR_CA_MD_TOO_WEAK                       68
-/* Caller error */
-#define X509_V_ERR_INVALID_CALL                         69
-/* Issuer lookup error */
-#define X509_V_ERR_STORE_LOOKUP                         70
-/* Certificate transparency */
-#define X509_V_ERR_NO_VALID_SCTS                        71
-
-#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
-/* OCSP status errors */
-#define X509_V_ERR_OCSP_VERIFY_NEEDED                   73
-#define X509_V_ERR_OCSP_VERIFY_FAILED                   74
-#define X509_V_ERR_OCSP_CERT_UNKNOWN                    75
-
-#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM      76
-#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH         77
-
-/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
-#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY    78
-#define X509_V_ERR_INVALID_CA                           79
-#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA           80
-#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN     81
-#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA  82
-#define X509_V_ERR_ISSUER_NAME_EMPTY                    83
-#define X509_V_ERR_SUBJECT_NAME_EMPTY                   84
-#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER     85
-#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER       86
-#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME               87
-#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL       88
-#define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
-#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
-#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
-#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
-#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
-#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               94
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE               101
+#define X509_V_ERR_HOSTNAME_MISMATCH                   62
+#define X509_V_ERR_EMAIL_MISMATCH                      63
+#define X509_V_ERR_IP_ADDRESS_MISMATCH                 64
+#define X509_V_ERR_DANE_NO_MATCH                       65
+#define X509_V_ERR_EE_KEY_TOO_SMALL                    66
+#define X509_V_ERR_CA_KEY_TOO_SMALL                    67
+#define X509_V_ERR_CA_MD_TOO_WEAK                      68
+#define X509_V_ERR_INVALID_CALL                        69
+#define X509_V_ERR_STORE_LOOKUP                        70
+#define X509_V_ERR_NO_VALID_SCTS                       71
+#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION        72
+#define X509_V_ERR_OCSP_VERIFY_NEEDED                  73
+#define X509_V_ERR_OCSP_VERIFY_FAILED                  74
+#define X509_V_ERR_OCSP_CERT_UNKNOWN                   75
+#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM     76
+#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH        77
+#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY   78
+#define X509_V_ERR_INVALID_CA                          79
+#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA          80
+#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN    81
+#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
+#define X509_V_ERR_ISSUER_NAME_EMPTY                   83
+#define X509_V_ERR_SUBJECT_NAME_EMPTY                  84
+#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER    85
+#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER      86
+#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME              87
+#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL      88
+#define X509_V_ERR_CA_BCONS_NOT_CRITICAL               89
+#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL   90
+#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL     91
+#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE           92
+#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3        93
+#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS              94
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE              101
 
 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
 #define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object