index.rst (144800B)
1 .. _mozilla_projects_nss_ssl_functions_sslerr: 2 3 sslerr 4 ====== 5 6 .. container:: 7 8 .. note:: 9 10 - This page is part of the :ref:`mozilla_projects_nss_ssl_functions_old_ssl_reference` that 11 we are migrating into the format described in the `MDN Style 12 Guide <https://developer.mozilla.org/en-US/docs/Project:MDC_style_guide>`__. If you are 13 inclined to help with this migration, your help would be very much appreciated. 14 15 - Upgraded documentation may be found in the :ref:`mozilla_projects_nss_reference` 16 17 .. rubric:: NSS and SSL Error Codes 18 :name: NSS_and_SSL_Error_Codes 19 20 -------------- 21 22 .. _chapter_8_nss_and_ssl_error_codes: 23 24 `Chapter 8 25 <#chapter_8_nss_and_ssl_error_codes>`__\ NSS and SSL Error Codes 26 ----------------------------------------------------------------- 27 28 .. container:: 29 30 NSS error codes are retrieved using the NSPR function 31 `PR_GetError <../../../../../nspr/reference/html/prerr.html#PR_GetError>`__. In addition to the 32 `error codes defined by 33 NSPR <https://dxr.mozilla.org/mozilla-central/source/nsprpub/pr/include/prerr.h>`__, PR_GetError 34 retrieves the error codes described in this chapter. 35 36 | `SSL Error Codes <#1040263>`__ 37 | `SEC Error Codes <#1039257>`__ 38 39 .. _ssl_error_codes: 40 41 `SSL Error Codes <#ssl_error_codes>`__ 42 -------------------------------------- 43 44 .. container:: 45 46 **Table 8.1 Error codes defined in sslerr.h** 47 48 +--------------------------------+--------------------------------+--------------------------------+ 49 | **Constant** | **Value** | **Description** | 50 +--------------------------------+--------------------------------+--------------------------------+ 51 | SSL_ERROR_EXPORT_ONLY_SERVER | -12288 | "Unable to communicate | 52 | | | securely. Peer does not | 53 | | | support high-grade | 54 | | | encryption." | 55 | | | | 56 | | | The local system was | 57 | | | configured to support the | 58 | | | cipher suites permitted for | 59 | | | domestic use. The remote | 60 | | | system was configured to | 61 | | | support only the cipher suites | 62 | | | permitted for export use. | 63 +--------------------------------+--------------------------------+--------------------------------+ 64 | SSL_ERROR_US_ONLY_SERVER | -12287 | "Unable to communicate | 65 | | | securely. Peer requires | 66 | | | high-grade encryption which is | 67 | | | not supported." | 68 | | | | 69 | | | The remote system was | 70 | | | configured to support the | 71 | | | cipher suites permitted for | 72 | | | domestic use. The local system | 73 | | | was configured to support only | 74 | | | the cipher suites permitted | 75 | | | for export use. | 76 +--------------------------------+--------------------------------+--------------------------------+ 77 | SSL_ERROR_NO_CYPHER_OVERLAP | -12286 | "Cannot communicate securely | 78 | | | with peer: no common | 79 | | | encryption algorithm(s)." | 80 | | | | 81 | | | The local and remote systems | 82 | | | share no cipher suites in | 83 | | | common. This can be due to a | 84 | | | misconfiguration at either | 85 | | | end. It can be due to a server | 86 | | | being misconfigured to use a | 87 | | | non-RSA certificate with the | 88 | | | RSA key exchange algorithm. | 89 +--------------------------------+--------------------------------+--------------------------------+ 90 | SSL_ERROR_NO_CERTIFICATE | -12285 | "Unable to find the | 91 | | | certificate or key necessary | 92 | | | for authentication." | 93 | | | | 94 | | | This error has many potential | 95 | | | causes; for example: | 96 | | | | 97 | | | Certificate or key not found | 98 | | | in database. | 99 | | | | 100 | | | Certificate not marked trusted | 101 | | | in database and Certificate's | 102 | | | issuer not marked trusted in | 103 | | | database. | 104 | | | | 105 | | | Wrong password for key | 106 | | | database. | 107 | | | | 108 | | | Missing database. | 109 +--------------------------------+--------------------------------+--------------------------------+ 110 | SSL_ERROR_BAD_CERTIFICATE | -12284 | "Unable to communicate | 111 | | | securely with peer: peers's | 112 | | | certificate was rejected." | 113 | | | | 114 | | | A certificate was received | 115 | | | from the remote system and was | 116 | | | passed to the certificate | 117 | | | authentication callback | 118 | | | function provided by the local | 119 | | | application. That callback | 120 | | | function returned SECFailure, | 121 | | | and the bad certificate | 122 | | | callback function either was | 123 | | | not configured or did not | 124 | | | choose to override the error | 125 | | | code returned by the | 126 | | | certificate authentication | 127 | | | callback function. | 128 +--------------------------------+--------------------------------+--------------------------------+ 129 | | -12283 | (unused) | 130 +--------------------------------+--------------------------------+--------------------------------+ 131 | SSL_ERROR_BAD_CLIENT | -12282 | "The server has encountered | 132 | | | bad data from the client." | 133 | | | | 134 | | | This error code should occur | 135 | | | only on sockets that are | 136 | | | acting as servers. It is a | 137 | | | generic error, used when none | 138 | | | of the other more specific | 139 | | | error codes defined in this | 140 | | | file applies. | 141 +--------------------------------+--------------------------------+--------------------------------+ 142 | SSL_ERROR_BAD_SERVER | -12281 | "The client has encountered | 143 | | | bad data from the server." | 144 | | | | 145 | | | This error code should occur | 146 | | | only on sockets that are | 147 | | | acting as clients. It is a | 148 | | | generic error, used when none | 149 | | | of the other more specific | 150 | | | error codes defined in this | 151 | | | file applies. | 152 +--------------------------------+--------------------------------+--------------------------------+ 153 | SSL_ERRO | -12280 | "Unsupported certificate | 154 | R_UNSUPPORTED_CERTIFICATE_TYPE | | type." | 155 | | | | 156 | | | The operation encountered a | 157 | | | certificate that was not one | 158 | | | of the well known certificate | 159 | | | types handled by the | 160 | | | certificate library. | 161 +--------------------------------+--------------------------------+--------------------------------+ 162 | SSL_ERROR_UNSUPPORTED_VERSION | -12279 | "Peer using unsupported | 163 | | | version of security protocol." | 164 | | | | 165 | | | On a client socket, this means | 166 | | | the remote server has | 167 | | | attempted to negotiate the use | 168 | | | of a version of SSL that is | 169 | | | not supported by the NSS | 170 | | | library, probably an invalid | 171 | | | version number. On a server | 172 | | | socket, this means the remote | 173 | | | client has requested the use | 174 | | | of a version of SSL older than | 175 | | | version 2. | 176 +--------------------------------+--------------------------------+--------------------------------+ 177 | | -12278 | (unused) | 178 +--------------------------------+--------------------------------+--------------------------------+ 179 | SSL_ERROR_WRONG_CERTIFICATE | -12277 | "Client authentication failed: | 180 | | | private key in key database | 181 | | | does not correspond to public | 182 | | | key in certificate database." | 183 +--------------------------------+--------------------------------+--------------------------------+ 184 | SSL_ERROR_BAD_CERT_DOMAIN | -12276 | "Unable to communicate | 185 | | | securely with peer: requested | 186 | | | domain name does not match the | 187 | | | server's certificate." | 188 | | | | 189 | | | This error code should be | 190 | | | returned by the certificate | 191 | | | authentication callback | 192 | | | function when it detects that | 193 | | | the Common Name in the remote | 194 | | | server's certificate does not | 195 | | | match the hostname sought by | 196 | | | the local client, according to | 197 | | | the matching rules specified | 198 | | | for | 199 | | | `CERT_VerifyCertN | 200 | | | ame <sslcrt.html#1050342>`__. | 201 +--------------------------------+--------------------------------+--------------------------------+ 202 | SSL_ERROR_POST_WARNING | -12275 | (unused) | 203 +--------------------------------+--------------------------------+--------------------------------+ 204 | SSL_ERROR_SSL2_DISABLED | -12274 | "Peer only supports SSL | 205 | | | version 2, which is locally | 206 | | | disabled." | 207 | | | | 208 | | | The remote server has asked to | 209 | | | use SSL version 2, and SSL | 210 | | | version 2 is disabled in the | 211 | | | local client's configuration. | 212 +--------------------------------+--------------------------------+--------------------------------+ 213 | SSL_ERROR_BAD_MAC_READ | -12273 | "SSL received a record with an | 214 | | | incorrect Message | 215 | | | Authentication Code." | 216 | | | | 217 | | | This usually indicates that | 218 | | | the client and server have | 219 | | | failed to come to agreement on | 220 | | | the set of keys used to | 221 | | | encrypt the application data | 222 | | | and to check message | 223 | | | integrity. If this occurs | 224 | | | frequently on a server, an | 225 | | | active attack (such as the | 226 | | | "million question" attack) may | 227 | | | be underway against the | 228 | | | server. | 229 +--------------------------------+--------------------------------+--------------------------------+ 230 | SSL_ERROR_BAD_MAC_ALERT | -12272 | "SSL peer reports incorrect | 231 | | | Message Authentication Code." | 232 | | | The remote system has reported | 233 | | | that it received a message | 234 | | | with a bad Message | 235 | | | Authentication Code from the | 236 | | | local system. This may | 237 | | | indicate that an attack on | 238 | | | that server is underway. | 239 +--------------------------------+--------------------------------+--------------------------------+ 240 | SSL_ERROR_BAD_CERT_ALERT | -12271 | "SSL peer cannot verify your | 241 | | | certificate." | 242 | | | | 243 | | | The remote system has received | 244 | | | a certificate from the local | 245 | | | system, and has rejected it | 246 | | | for some reason. | 247 +--------------------------------+--------------------------------+--------------------------------+ 248 | SSL_ERROR_REVOKED_CERT_ALERT | -12270 | "SSL peer rejected your | 249 | | | certificate as revoked." | 250 | | | | 251 | | | The remote system has received | 252 | | | a certificate from the local | 253 | | | system, and has determined | 254 | | | that the certificate has been | 255 | | | revoked. | 256 +--------------------------------+--------------------------------+--------------------------------+ 257 | SSL_ERROR_EXPIRED_CERT_ALERT | -12269 | "SSL peer rejected your | 258 | | | certificate as expired." | 259 | | | | 260 | | | The remote system has received | 261 | | | a certificate from the local | 262 | | | system, and has determined | 263 | | | that the certificate has | 264 | | | expired. | 265 +--------------------------------+--------------------------------+--------------------------------+ 266 | SSL_ERROR_SSL_DISABLED | -12268 | "Cannot connect: SSL is | 267 | | | disabled." | 268 | | | | 269 | | | The local socket is configured | 270 | | | in such a way that it cannot | 271 | | | use any of the SSL cipher | 272 | | | suites. Possible causes | 273 | | | include: (a) both SSL2 and | 274 | | | SSL3 are disabled, (b) All the | 275 | | | individual SSL cipher suites | 276 | | | are disabled, or (c) the | 277 | | | socket is configured to | 278 | | | handshake as a server, but the | 279 | | | certificate associated with | 280 | | | that socket is inappropriate | 281 | | | for the Key Exchange Algorithm | 282 | | | selected. | 283 +--------------------------------+--------------------------------+--------------------------------+ 284 | SSL_ERROR_FORTEZZA_PQG | -12267 | "Cannot connect: SSL peer is | 285 | | | in another FORTEZZA domain." | 286 | | | | 287 | | | The local system and the | 288 | | | remote system are in different | 289 | | | FORTEZZA domains. They must be | 290 | | | in the same domain to | 291 | | | communicate. | 292 +--------------------------------+--------------------------------+--------------------------------+ 293 | SSL_ERROR_UNKNOWN_CIPHER_SUITE | -12266 | "An unknown SSL cipher suite | 294 | | | has been requested." | 295 | | | | 296 | | | The application has attempted | 297 | | | to configure SSL to use an | 298 | | | unknown cipher suite. | 299 +--------------------------------+--------------------------------+--------------------------------+ 300 | SSL_ERROR_NO_CIPHERS_SUPPORTED | -12265 | "No cipher suites are present | 301 | | | and enabled in this program." | 302 | | | | 303 | | | Possible causes: (a) all | 304 | | | cipher suites have been | 305 | | | configured to be disabled, (b) | 306 | | | the only cipher suites that | 307 | | | are configured to be enabled | 308 | | | are those that are disallowed | 309 | | | by cipher export policy, (c) | 310 | | | the socket is configured to | 311 | | | handshake as a server, but the | 312 | | | certificate associated with | 313 | | | that socket is inappropriate | 314 | | | for the Key Exchange Algorithm | 315 | | | selected. | 316 +--------------------------------+--------------------------------+--------------------------------+ 317 | SSL_ERROR_BAD_BLOCK_PADDING | -12264 | "SSL received a record with | 318 | | | bad block padding." | 319 | | | | 320 | | | SSL was using a Block cipher, | 321 | | | and the last block in an SSL | 322 | | | record had incorrect padding | 323 | | | information in it. This | 324 | | | usually indicates that the | 325 | | | client and server have failed | 326 | | | to come to agreement on the | 327 | | | set of keys used to encrypt | 328 | | | the application data and to | 329 | | | check message integrity. If | 330 | | | this occurs frequently on a | 331 | | | server, an active attack (such | 332 | | | as the "million question" | 333 | | | attack) may be underway | 334 | | | against the server. | 335 +--------------------------------+--------------------------------+--------------------------------+ 336 | SSL_ERROR_RX_RECORD_TOO_LONG | -12263 | "SSL received a record that | 337 | | | exceeded the maximum | 338 | | | permissible length." | 339 | | | | 340 | | | This generally indicates that | 341 | | | the remote peer system has a | 342 | | | flawed implementation of SSL, | 343 | | | and is violating the SSL | 344 | | | specification. | 345 +--------------------------------+--------------------------------+--------------------------------+ 346 | SSL_ERROR_TX_RECORD_TOO_LONG | -12262 | "SSL attempted to send a | 347 | | | record that exceeded the | 348 | | | maximum permissible length." | 349 | | | | 350 | | | This error should never occur. | 351 | | | If it does, it indicates a | 352 | | | flaw in the NSS SSL library. | 353 +--------------------------------+--------------------------------+--------------------------------+ 354 | SSL_ERROR_CLOSE_NOTIFY_ALERT | -12230 | "SSL peer has closed this | 355 | | | connection." | 356 | | | | 357 | | | The local socket received an | 358 | | | SSL3 alert record from the | 359 | | | remote peer, reporting that | 360 | | | the remote peer has chosen to | 361 | | | end the connection. The | 362 | | | receipt of this alert is an | 363 | | | error only if it occurs while | 364 | | | a handshake is in progress. | 365 +--------------------------------+--------------------------------+--------------------------------+ 366 | SSL_ERR | -12210 | "SSL Server attempted to use | 367 | OR_PUB_KEY_SIZE_LIMIT_EXCEEDED | | domestic-grade public key with | 368 | | | export cipher suite." | 369 | | | | 370 | | | On a client socket, this error | 371 | | | reports that the remote server | 372 | | | has failed to perform an "SSL | 373 | | | Step down" for an export | 374 | | | cipher. It has sent a | 375 | | | certificate bearing a | 376 | | | domestic-grade public key, but | 377 | | | has not sent a | 378 | | | ServerKeyExchange message | 379 | | | containing an export-grade | 380 | | | public key for the key | 381 | | | exchange algorithm. Such a | 382 | | | connection cannot be permitted | 383 | | | without violating U.S. export | 384 | | | policies. On a server socket, | 385 | | | this indicates a failure of | 386 | | | the local library. | 387 +--------------------------------+--------------------------------+--------------------------------+ 388 | S | -12206 | "Server has no key for the | 389 | SL_ERROR_NO_SERVER_KEY_FOR_ALG | | attempted key exchange | 390 | | | algorithm." | 391 | | | | 392 | | | An SSL client has requested an | 393 | | | SSL cipher suite that uses a | 394 | | | Key Exchange Algorithm for | 395 | | | which the local server has no | 396 | | | appropriate public key. This | 397 | | | indicates a configuration | 398 | | | error on the local server. | 399 +--------------------------------+--------------------------------+--------------------------------+ 400 | SSL | -12205 | "PKCS #11 token was inserted | 401 | _ERROR_TOKEN_INSERTION_REMOVAL | | or removed while operation was | 402 | | | in progress." | 403 | | | | 404 | | | A cryptographic operation | 405 | | | required to complete the | 406 | | | handshake failed because the | 407 | | | token that was performing it | 408 | | | was removed while the | 409 | | | handshake was underway. | 410 | | | Another token may also have | 411 | | | been inserted into the same | 412 | | | slot. | 413 +--------------------------------+--------------------------------+--------------------------------+ 414 | SSL_ERROR_TOKEN_SLOT_NOT_FOUND | -12204 | "No PKCS#11 token could be | 415 | | | found to do a required | 416 | | | operation." | 417 | | | | 418 | | | A cryptographic operation | 419 | | | required a PKCS#11 token with | 420 | | | specific abilities, and no | 421 | | | token could be found in any | 422 | | | slot, including the "soft | 423 | | | token" in the internal virtual | 424 | | | slot, that could do the job. | 425 | | | May indicate a server | 426 | | | configuration error, such as | 427 | | | having a certificate that is | 428 | | | inappropriate for the Key | 429 | | | Exchange Algorithm selected. | 430 +--------------------------------+--------------------------------+--------------------------------+ 431 | SS | -12203 | "Cannot communicate securely | 432 | L_ERROR_NO_COMPRESSION_OVERLAP | | with peer: no common | 433 | | | compression algorithm(s)." | 434 +--------------------------------+--------------------------------+--------------------------------+ 435 | SSL | -12202 | "Cannot initiate another SSL | 436 | _ERROR_HANDSHAKE_NOT_COMPLETED | | handshake until current | 437 | | | handshake is complete." | 438 +--------------------------------+--------------------------------+--------------------------------+ 439 | SSL_ | -12201 | "Received incorrect handshakes | 440 | ERROR_BAD_HANDSHAKE_HASH_VALUE | | hash values from peer." | 441 +--------------------------------+--------------------------------+--------------------------------+ 442 | SSL_ERROR_CERT_KEA_MISMATCH | -12200 | "The certificate provided | 443 | | | cannot be used with the | 444 | | | selected key exchange | 445 | | | algorithm." | 446 +--------------------------------+--------------------------------+--------------------------------+ 447 | SSL_ | -12199 | "No certificate authority is | 448 | ERROR_NO_TRUSTED_SSL_CLIENT_CA | | trusted for SSL client | 449 | | | authentication." | 450 +--------------------------------+--------------------------------+--------------------------------+ 451 | SSL_ERROR_SESSION_NOT_FOUND | -12198 | "Client's SSL session ID not | 452 | | | found in server's session | 453 | | | cache." | 454 +--------------------------------+--------------------------------+--------------------------------+ 455 | SSL_ERR | -12185 | "SSL server cache not | 456 | OR_SERVER_CACHE_NOT_CONFIGURED | | configured and not disabled | 457 | | | for this socket." | 458 +--------------------------------+--------------------------------+--------------------------------+ 459 | SSL_E | -12176 | "Renegotiation is not allowed | 460 | RROR_RENEGOTIATION_NOT_ALLOWED | | on this SSL socket." | 461 +--------------------------------+--------------------------------+--------------------------------+ 462 | **Received a malformed (too | | | 463 | long or short or invalid | | | 464 | content) SSL handshake: ** | | | 465 | | | | 466 | All the error codes in the | | | 467 | following block indicate that | | | 468 | the local socket received an | | | 469 | improperly formatted SSL3 | | | 470 | handshake message from the | | | 471 | remote peer. This probably | | | 472 | indicates a flaw in the remote | | | 473 | peer's implementation. | | | 474 +--------------------------------+--------------------------------+--------------------------------+ 475 | SSL_ER | -12261 | "SSL received a malformed | 476 | ROR_RX_MALFORMED_HELLO_REQUEST | | Hello Request handshake | 477 | | | message." | 478 +--------------------------------+--------------------------------+--------------------------------+ 479 | SSL_E | -12260 | "SSL received a malformed | 480 | RROR_RX_MALFORMED_CLIENT_HELLO | | Client Hello handshake | 481 | | | message." | 482 +--------------------------------+--------------------------------+--------------------------------+ 483 | SSL_E | -12259 | "SSL received a malformed | 484 | RROR_RX_MALFORMED_SERVER_HELLO | | Server Hello handshake | 485 | | | message." | 486 +--------------------------------+--------------------------------+--------------------------------+ 487 | SSL_ | -12258 | "SSL received a malformed | 488 | ERROR_RX_MALFORMED_CERTIFICATE | | Certificate handshake | 489 | | | message." | 490 +--------------------------------+--------------------------------+--------------------------------+ 491 | SSL_ERROR | -12257 | "SSL received a malformed | 492 | _RX_MALFORMED_SERVER_KEY_EXCH | | Server Key Exchange handshake | 493 | | | message." | 494 +--------------------------------+--------------------------------+--------------------------------+ 495 | SSL_E | -12256 | "SSL received a malformed | 496 | RROR_RX_MALFORMED_CERT_REQUEST | | Certificate Request handshake | 497 | | | message." | 498 +--------------------------------+--------------------------------+--------------------------------+ 499 | SSL | -12255 | "SSL received a malformed | 500 | _ERROR_RX_MALFORMED_HELLO_DONE | | Server Hello Done handshake | 501 | | | message." | 502 +--------------------------------+--------------------------------+--------------------------------+ 503 | SSL_ | -12254 | "SSL received a malformed | 504 | ERROR_RX_MALFORMED_CERT_VERIFY | | Certificate Verify handshake | 505 | | | message." | 506 +--------------------------------+--------------------------------+--------------------------------+ 507 | SSL_ERROR | -12253 | "SSL received a malformed | 508 | _RX_MALFORMED_CLIENT_KEY_EXCH | | Client Key Exchange handshake | 509 | | | message." | 510 +--------------------------------+--------------------------------+--------------------------------+ 511 | S | -12252 | "SSL received a malformed | 512 | SL_ERROR_RX_MALFORMED_FINISHED | | Finished handshake message." | 513 +--------------------------------+--------------------------------+--------------------------------+ 514 | SSL_ERROR_R | -12178 | "SSL received a malformed New | 515 | X_MALFORMED_NEW_SESSION_TICKET | | Session Ticket handshake | 516 | | | message." | 517 +--------------------------------+--------------------------------+--------------------------------+ 518 | **Received a malformed (too | | | 519 | long or short) SSL record:** | | | 520 | | | | 521 | All the error codes in the | | | 522 | following block indicate that | | | 523 | the local socket received an | | | 524 | improperly formatted SSL3 | | | 525 | record from the remote peer. | | | 526 | This probably indicates a flaw | | | 527 | in the remote peer's | | | 528 | implementation. | | | 529 +--------------------------------+--------------------------------+--------------------------------+ 530 | SSL_ER | -12251 | "SSL received a malformed | 531 | ROR_RX_MALFORMED_CHANGE_CIPHER | | Change Cipher Spec record." | 532 +--------------------------------+--------------------------------+--------------------------------+ 533 | SSL_ERROR_RX_MALFORMED_ALERT | -12250 | "SSL received a malformed | 534 | | | Alert record." | 535 +--------------------------------+--------------------------------+--------------------------------+ 536 | SS | -12249 | "SSL received a malformed | 537 | L_ERROR_RX_MALFORMED_HANDSHAKE | | Handshake record." | 538 +--------------------------------+--------------------------------+--------------------------------+ 539 | SSL_ERROR_ | -12248 | "SSL received a malformed | 540 | RX_MALFORMED_APPLICATION_DATA | | Application Data record." | 541 +--------------------------------+--------------------------------+--------------------------------+ 542 | **Received an SSL handshake | | | 543 | that was inappropriate for the | | | 544 | current state:** | | | 545 | | | | 546 | All the error codes in the | | | 547 | following block indicate that | | | 548 | the local socket received an | | | 549 | SSL3 handshake message from | | | 550 | the remote peer at a time when | | | 551 | it was inappropriate for the | | | 552 | peer to have sent this | | | 553 | message. For example, a server | | | 554 | received a message from | | | 555 | another server. This probably | | | 556 | indicates a flaw in the remote | | | 557 | peer's implementation. | | | 558 +--------------------------------+--------------------------------+--------------------------------+ 559 | SSL_ERR | -12247 | "SSL received an unexpected | 560 | OR_RX_UNEXPECTED_HELLO_REQUEST | | Hello Request handshake | 561 | | | message." | 562 +--------------------------------+--------------------------------+--------------------------------+ 563 | SSL_ER | -12246 | "SSL received an unexpected | 564 | ROR_RX_UNEXPECTED_CLIENT_HELLO | | Client Hello handshake | 565 | | | message." | 566 +--------------------------------+--------------------------------+--------------------------------+ 567 | SSL_ER | -12245 | "SSL received an unexpected | 568 | ROR_RX_UNEXPECTED_SERVER_HELLO | | Server Hello handshake | 569 | | | message." | 570 +--------------------------------+--------------------------------+--------------------------------+ 571 | SSL_E | -12244 | "SSL received an unexpected | 572 | RROR_RX_UNEXPECTED_CERTIFICATE | | Certificate handshake | 573 | | | message." | 574 +--------------------------------+--------------------------------+--------------------------------+ 575 | SSL_ERROR_ | -12243 | "SSL received an unexpected | 576 | RX_UNEXPECTED_SERVER_KEY_EXCH | | Server Key Exchange handshake | 577 | | | message." | 578 +--------------------------------+--------------------------------+--------------------------------+ 579 | SSL_ER | -12242 | "SSL received an unexpected | 580 | ROR_RX_UNEXPECTED_CERT_REQUEST | | Certificate Request handshake | 581 | | | message." | 582 +--------------------------------+--------------------------------+--------------------------------+ 583 | SSL_ | -12241 | "SSL received an unexpected | 584 | ERROR_RX_UNEXPECTED_HELLO_DONE | | Server Hello Done handshake | 585 | | | message." | 586 +--------------------------------+--------------------------------+--------------------------------+ 587 | SSL_E | -12240 | "SSL received an unexpected | 588 | RROR_RX_UNEXPECTED_CERT_VERIFY | | Certificate Verify handshake | 589 | | | message." | 590 +--------------------------------+--------------------------------+--------------------------------+ 591 | SSL_ERROR_ | -12239 | "SSL received an unexpected | 592 | RX_UNEXPECTED_CLIENT_KEY_EXCH | | Client Key Exchange handshake | 593 | | | message." | 594 +--------------------------------+--------------------------------+--------------------------------+ 595 | SS | -12238 | "SSL received an unexpected | 596 | L_ERROR_RX_UNEXPECTED_FINISHED | | Finished handshake message." | 597 +--------------------------------+--------------------------------+--------------------------------+ 598 | SSL_ERROR_RX | -12179 | "SSL received an unexpected | 599 | _UNEXPECTED_NEW_SESSION_TICKET | | New Session Ticket handshake | 600 | | | message." | 601 +--------------------------------+--------------------------------+--------------------------------+ 602 | **Received an SSL record that | | | 603 | was inappropriate for the | | | 604 | current state:** | | | 605 | | | | 606 | All the error codes in the | | | 607 | following block indicate that | | | 608 | the local socket received an | | | 609 | SSL3 record from the remote | | | 610 | peer at a time when it was | | | 611 | inappropriate for the peer to | | | 612 | have sent this message. This | | | 613 | probably indicates a flaw in | | | 614 | the remote peer's | | | 615 | implementation. | | | 616 +--------------------------------+--------------------------------+--------------------------------+ 617 | SSL_ERR | -12237 | "SSL received an unexpected | 618 | OR_RX_UNEXPECTED_CHANGE_CIPHER | | Change Cipher Spec record." | 619 +--------------------------------+--------------------------------+--------------------------------+ 620 | SSL_ERROR_RX_UNEXPECTED_ALERT | -12236 | "SSL received an unexpected | 621 | | | Alert record." | 622 +--------------------------------+--------------------------------+--------------------------------+ 623 | SSL | -12235 | "SSL received an unexpected | 624 | _ERROR_RX_UNEXPECTED_HANDSHAKE | | Handshake record." | 625 +--------------------------------+--------------------------------+--------------------------------+ 626 | SSL_ERROR_ | -12234 | "SSL received an unexpected | 627 | RX_UNEXPECTED_APPLICATION_DATA | | Application Data record." | 628 +--------------------------------+--------------------------------+--------------------------------+ 629 | **Received record/message with | | | 630 | unknown discriminant:** | | | 631 | | | | 632 | All the error codes in the | | | 633 | following block indicate that | | | 634 | the local socket received an | | | 635 | SSL3 record or handshake | | | 636 | message from the remote peer | | | 637 | that it was unable to | | | 638 | interpret because the byte | | | 639 | that identifies the type of | | | 640 | record or message contained an | | | 641 | unrecognized value. This | | | 642 | probably indicates a flaw in | | | 643 | the remote peer's | | | 644 | implementation. | | | 645 +--------------------------------+--------------------------------+--------------------------------+ 646 | SS | -12233 | "SSL received a record with an | 647 | L_ERROR_RX_UNKNOWN_RECORD_TYPE | | unknown content type." | 648 +--------------------------------+--------------------------------+--------------------------------+ 649 | SSL_ERROR_RX_UNKNOWN_HANDSHAKE | -12232 | "SSL received a handshake | 650 | | | message with an unknown | 651 | | | message type." | 652 +--------------------------------+--------------------------------+--------------------------------+ 653 | SSL_ERROR_RX_UNKNOWN_ALERT | -12231 | "SSL received an alert record | 654 | | | with an unknown alert | 655 | | | description." | 656 +--------------------------------+--------------------------------+--------------------------------+ 657 | **Received an alert report:** | | | 658 | | | | 659 | | All the error codes in the | | | 660 | following block indicate | | | 661 | that the local socket | | | 662 | received an SSL3 or TLS | | | 663 | alert record from the remote | | | 664 | peer, reporting some issue | | | 665 | that it had with an SSL | | | 666 | record or handshake message | | | 667 | it received. (Some \_Alert | | | 668 | codes are listed in other | | | 669 | blocks.) | | | 670 | | | | | 671 +--------------------------------+--------------------------------+--------------------------------+ 672 | SSL_ER | -12229 | "SSL peer was not expecting a | 673 | ROR_HANDSHAKE_UNEXPECTED_ALERT | | handshake message it | 674 | | | received." | 675 +--------------------------------+--------------------------------+--------------------------------+ 676 | SSL_ERR | -12228 | "SSL peer was unable to | 677 | OR_DECOMPRESSION_FAILURE_ALERT | | successfully decompress an SSL | 678 | | | record it received." | 679 +--------------------------------+--------------------------------+--------------------------------+ 680 | SSL | -12227 | "SSL peer was unable to | 681 | _ERROR_HANDSHAKE_FAILURE_ALERT | | negotiate an acceptable set of | 682 | | | security parameters." | 683 +--------------------------------+--------------------------------+--------------------------------+ 684 | SSL | -12226 | "SSL peer rejected a handshake | 685 | _ERROR_ILLEGAL_PARAMETER_ALERT | | message for unacceptable | 686 | | | content." | 687 +--------------------------------+--------------------------------+--------------------------------+ 688 | SS | -12225 | "SSL peer does not support | 689 | L_ERROR_UNSUPPORTED_CERT_ALERT | | certificates of the type it | 690 | | | received." | 691 +--------------------------------+--------------------------------+--------------------------------+ 692 | SSL_E | -12224 | "SSL peer had some unspecified | 693 | RROR_CERTIFICATE_UNKNOWN_ALERT | | issue with the certificate it | 694 | | | received." | 695 +--------------------------------+--------------------------------+--------------------------------+ 696 | SSL | -12197 | "Peer was unable to decrypt an | 697 | _ERROR_DECRYPTION_FAILED_ALERT | | SSL record it received." | 698 +--------------------------------+--------------------------------+--------------------------------+ 699 | S | -12196 | "Peer received an SSL record | 700 | SL_ERROR_RECORD_OVERFLOW_ALERT | | that was longer than is | 701 | | | permitted." | 702 +--------------------------------+--------------------------------+--------------------------------+ 703 | SSL_ERROR_UNKNOWN_CA_ALERT | -12195 | "Peer does not recognize and | 704 | | | trust the CA that issued your | 705 | | | certificate." | 706 +--------------------------------+--------------------------------+--------------------------------+ 707 | SSL_ERROR_ACCESS_DENIED_ALERT | -12194 | "Peer received a valid | 708 | | | certificate, but access was | 709 | | | denied." | 710 +--------------------------------+--------------------------------+--------------------------------+ 711 | SSL_ERROR_DECODE_ERROR_ALERT | -12193 | "Peer could not decode an SSL | 712 | | | handshake message." | 713 +--------------------------------+--------------------------------+--------------------------------+ 714 | SSL_ERROR_DECRYPT_ERROR_ALERT | -12192 | "Peer reports failure of | 715 | | | signature verification or key | 716 | | | exchange." | 717 +--------------------------------+--------------------------------+--------------------------------+ 718 | SSL_ | -12191 | "Peer reports negotiation not | 719 | ERROR_EXPORT_RESTRICTION_ALERT | | in compliance with export | 720 | | | regulations." | 721 +--------------------------------+--------------------------------+--------------------------------+ 722 | SS | -12190 | "Peer reports incompatible or | 723 | L_ERROR_PROTOCOL_VERSION_ALERT | | unsupported protocol version." | 724 +--------------------------------+--------------------------------+--------------------------------+ 725 | SSL_ERR | -12189 | "Server requires ciphers more | 726 | OR_INSUFFICIENT_SECURITY_ALERT | | secure than those supported by | 727 | | | client." | 728 +--------------------------------+--------------------------------+--------------------------------+ 729 | SSL_ERROR_INTERNAL_ERROR_ALERT | -12188 | "Peer reports it experienced | 730 | | | an internal error." | 731 +--------------------------------+--------------------------------+--------------------------------+ 732 | SSL_ERROR_USER_CANCELED_ALERT | -12187 | "Peer user canceled | 733 | | | handshake." | 734 +--------------------------------+--------------------------------+--------------------------------+ 735 | SS | -12186 | "Peer does not permit | 736 | L_ERROR_NO_RENEGOTIATION_ALERT | | renegotiation of SSL security | 737 | | | parameters." | 738 +--------------------------------+--------------------------------+--------------------------------+ 739 | SSL_ERR | -12184 | "SSL peer does not support | 740 | OR_UNSUPPORTED_EXTENSION_ALERT | | requested TLS hello | 741 | | | extension." | 742 +--------------------------------+--------------------------------+--------------------------------+ 743 | SSL_ERROR_ | -12183 | "SSL peer could not obtain | 744 | CERTIFICATE_UNOBTAINABLE_ALERT | | your certificate from the | 745 | | | supplied URL." | 746 +--------------------------------+--------------------------------+--------------------------------+ 747 | SSL | -12182 | "SSL peer has no certificate | 748 | _ERROR_UNRECOGNIZED_NAME_ALERT | | for the requested DNS name." | 749 +--------------------------------+--------------------------------+--------------------------------+ 750 | SSL_ERROR_ | -12181 | "SSL peer was unable to get an | 751 | BAD_CERT_STATUS_RESPONSE_ALERT | | OCSP response for its | 752 | | | certificate." | 753 +--------------------------------+--------------------------------+--------------------------------+ 754 | SSL_E | -12180 | "SSL peer reported bad | 755 | RROR_BAD_CERT_HASH_VALUE_ALERT | | certificate hash value." | 756 +--------------------------------+--------------------------------+--------------------------------+ 757 | **Unspecified errors that | | | 758 | occurred while attempting some | | | 759 | operation:** | | | 760 | | | | 761 | All the error codes in the | | | 762 | following block describe the | | | 763 | operation that was being | | | 764 | attempted at the time of the | | | 765 | unspecified failure. These | | | 766 | failures may be caused by the | | | 767 | system running out of memory, | | | 768 | or errors returned by PKCS#11 | | | 769 | routines that did not provide | | | 770 | meaningful error codes of | | | 771 | their own. These should rarely | | | 772 | be seen. (Certain of these | | | 773 | error codes have more specific | | | 774 | meanings, as described.) | | | 775 +--------------------------------+--------------------------------+--------------------------------+ 776 | SSL | -12223 | "SSL experienced a failure of | 777 | _ERROR_GENERATE_RANDOM_FAILURE | | its random number generator." | 778 +--------------------------------+--------------------------------+--------------------------------+ 779 | SSL_ERROR_SIGN_HASHES_FAILURE | -12222 | "Unable to digitally sign data | 780 | | | required to verify your | 781 | | | certificate." | 782 +--------------------------------+--------------------------------+--------------------------------+ 783 | SSL_ER | -12221 | "SSL was unable to extract the | 784 | ROR_EXTRACT_PUBLIC_KEY_FAILURE | | public key from the peer's | 785 | | | certificate." | 786 +--------------------------------+--------------------------------+--------------------------------+ 787 | SSL_ERR | -12220 | "Unspecified failure while | 788 | OR_SERVER_KEY_EXCHANGE_FAILURE | | processing SSL Server Key | 789 | | | Exchange handshake." | 790 +--------------------------------+--------------------------------+--------------------------------+ 791 | SSL_ERR | -12219 | "Unspecified failure while | 792 | OR_CLIENT_KEY_EXCHANGE_FAILURE | | processing SSL Client Key | 793 | | | Exchange handshake." | 794 +--------------------------------+--------------------------------+--------------------------------+ 795 | SSL_ERROR_ENCRYPTION_FAILURE | -12218 | "Bulk data encryption | 796 | | | algorithm failed in selected | 797 | | | cipher suite." | 798 +--------------------------------+--------------------------------+--------------------------------+ 799 | SSL_ERROR_DECRYPTION_FAILURE | -12217 | "Bulk data decryption | 800 | | | algorithm failed in selected | 801 | | | cipher suite." | 802 +--------------------------------+--------------------------------+--------------------------------+ 803 | SSL_ERROR_SOCKET_WRITE_FAILURE | -12216 | "Attempt to write encrypted | 804 | | | data to underlying socket | 805 | | | failed." | 806 | | | | 807 | | | After the data to be sent was | 808 | | | encrypted, the attempt to send | 809 | | | it out the socket failed. | 810 | | | Likely causes include that the | 811 | | | peer has closed the | 812 | | | connection. | 813 +--------------------------------+--------------------------------+--------------------------------+ 814 | SSL_ERROR_MD5_DIGEST_FAILURE | -12215 | "MD5 digest function failed." | 815 +--------------------------------+--------------------------------+--------------------------------+ 816 | SSL_ERROR_SHA_DIGEST_FAILURE | -12214 | "SHA-1 digest function | 817 | | | failed." | 818 +--------------------------------+--------------------------------+--------------------------------+ 819 | SSL | -12213 | "Message Authentication Code | 820 | _ERROR_MAC_COMPUTATION_FAILURE | | computation failed." | 821 +--------------------------------+--------------------------------+--------------------------------+ 822 | SSL | -12212 | "Failure to create Symmetric | 823 | _ERROR_SYM_KEY_CONTEXT_FAILURE | | Key context." | 824 +--------------------------------+--------------------------------+--------------------------------+ 825 | SS | -12211 | "Failure to unwrap the | 826 | L_ERROR_SYM_KEY_UNWRAP_FAILURE | | Symmetric key in Client Key | 827 | | | Exchange message." | 828 +--------------------------------+--------------------------------+--------------------------------+ 829 | SSL_ERROR_IV_PARAM_FAILURE | -12209 | "PKCS11 code failed to | 830 | | | translate an IV into a param." | 831 +--------------------------------+--------------------------------+--------------------------------+ 832 | SSL_E | -12208 | "Failed to initialize the | 833 | RROR_INIT_CIPHER_SUITE_FAILURE | | selected cipher suite." | 834 +--------------------------------+--------------------------------+--------------------------------+ 835 | SSL | -12207 | "Failed to generate session | 836 | _ERROR_SESSION_KEY_GEN_FAILURE | | keys for SSL session." | 837 | | | | 838 | | | On a client socket, indicates | 839 | | | a failure of the PKCS11 key | 840 | | | generation function. On a | 841 | | | server socket, indicates a | 842 | | | failure of one of the | 843 | | | following: (a) to unwrap the | 844 | | | pre-master secret from the | 845 | | | ClientKeyExchange message, (b) | 846 | | | to derive the master secret | 847 | | | from the premaster secret, (c) | 848 | | | to derive the MAC secrets, | 849 | | | cryptographic keys, and | 850 | | | initialization vectors from | 851 | | | the master secret. If | 852 | | | encountered repeatedly on a | 853 | | | server socket, this can | 854 | | | indicate that the server is | 855 | | | actively under a "million | 856 | | | question" attack. | 857 +--------------------------------+--------------------------------+--------------------------------+ 858 | S | -12177 | "SSL received a compressed | 859 | SL_ERROR_DECOMPRESSION_FAILURE | | record that could not be | 860 | | | decompressed." | 861 +--------------------------------+--------------------------------+--------------------------------+ 862 863 .. _sec_error_codes: 864 865 `SEC Error Codes <#sec_error_codes>`__ 866 -------------------------------------- 867 868 .. container:: 869 870 **Table 8.2 Security error codes defined in secerr.h** 871 872 +--------------------------------+--------------------------------+--------------------------------+ 873 | **Constant** | **Value** | **Description** | 874 +--------------------------------+--------------------------------+--------------------------------+ 875 | SEC_ERROR_IO | -8192 | An I/O error occurred during | 876 | | | authentication; or | 877 | | | an error occurred during | 878 | | | crypto operation (other than | 879 | | | signature verification). | 880 +--------------------------------+--------------------------------+--------------------------------+ 881 | SEC_ERROR_LIBRARY_FAILURE | -8191 | Security library failure. | 882 +--------------------------------+--------------------------------+--------------------------------+ 883 | SEC_ERROR_BAD_DATA | -8190 | Security library: received bad | 884 | | | data. | 885 +--------------------------------+--------------------------------+--------------------------------+ 886 | SEC_ERROR_OUTPUT_LEN | -8189 | Security library: output | 887 | | | length error. | 888 +--------------------------------+--------------------------------+--------------------------------+ 889 | SEC_ERROR_INPUT_LEN | -8188 | Security library: input length | 890 | | | error. | 891 +--------------------------------+--------------------------------+--------------------------------+ 892 | SEC_ERROR_INVALID_ARGS | -8187 | Security library: invalid | 893 | | | arguments. | 894 +--------------------------------+--------------------------------+--------------------------------+ 895 | SEC_ERROR_INVALID_ALGORITHM | -8186 | Security library: invalid | 896 | | | algorithm. | 897 +--------------------------------+--------------------------------+--------------------------------+ 898 | SEC_ERROR_INVALID_AVA | -8185 | Security library: invalid AVA. | 899 +--------------------------------+--------------------------------+--------------------------------+ 900 | SEC_ERROR_INVALID_TIME | -8184 | Security library: invalid | 901 | | | time. | 902 +--------------------------------+--------------------------------+--------------------------------+ 903 | SEC_ERROR_BAD_DER | -8183 | Security library: improperly | 904 | | | formatted DER-encoded message. | 905 +--------------------------------+--------------------------------+--------------------------------+ 906 | SEC_ERROR_BAD_SIGNATURE | -8182 | Peer's certificate has an | 907 | | | invalid signature. | 908 +--------------------------------+--------------------------------+--------------------------------+ 909 | SEC_ERROR_EXPIRED_CERTIFICATE | -8181 | Peer's certificate has | 910 | | | expired. | 911 +--------------------------------+--------------------------------+--------------------------------+ 912 | SEC_ERROR_REVOKED_CERTIFICATE | -8180 | Peer's certificate has been | 913 | | | revoked. | 914 +--------------------------------+--------------------------------+--------------------------------+ 915 | SEC_ERROR_UNKNOWN_ISSUER | -8179 | Peer's certificate issuer is | 916 | | | not recognized. | 917 +--------------------------------+--------------------------------+--------------------------------+ 918 | SEC_ERROR_BAD_KEY | -8178 | Peer's public key is invalid | 919 +--------------------------------+--------------------------------+--------------------------------+ 920 | SEC_ERROR_BAD_PASSWORD | -8177 | The password entered is | 921 | | | incorrect. | 922 +--------------------------------+--------------------------------+--------------------------------+ 923 | SEC_ERROR_RETRY_PASSWORD | -8176 | New password entered | 924 | | | incorrectly. | 925 +--------------------------------+--------------------------------+--------------------------------+ 926 | SEC_ERROR_NO_NODELOCK | -8175 | Security library: no nodelock. | 927 +--------------------------------+--------------------------------+--------------------------------+ 928 | SEC_ERROR_BAD_DATABASE | -8174 | Security library: bad | 929 | | | database. | 930 +--------------------------------+--------------------------------+--------------------------------+ 931 | SEC_ERROR_NO_MEMORY | -8173 | Security library: memory | 932 | | | allocation failure. | 933 +--------------------------------+--------------------------------+--------------------------------+ 934 | SEC_ERROR_UNTRUSTED_ISSUER | -8172 | Peer's certificate issuer has | 935 | | | been marked as not trusted by | 936 | | | the user. | 937 +--------------------------------+--------------------------------+--------------------------------+ 938 | SEC_ERROR_UNTRUSTED_CERT | -8171 | Peer's certificate has been | 939 | | | marked as not trusted by the | 940 | | | user. | 941 +--------------------------------+--------------------------------+--------------------------------+ 942 | SEC_ERROR_DUPLICATE_CERT | -8170 | Certificate already exists in | 943 | | | your database. | 944 +--------------------------------+--------------------------------+--------------------------------+ 945 | SEC_ERROR_DUPLICATE_CERT_NAME | -8169 | Downloaded certificate's name | 946 | | | duplicates one already in your | 947 | | | database. | 948 +--------------------------------+--------------------------------+--------------------------------+ 949 | SEC_ERROR_ADDING_CERT | -8168 | Error adding certificate to | 950 | | | database. | 951 +--------------------------------+--------------------------------+--------------------------------+ 952 | SEC_ERROR_FILING_KEY | -8167 | Error refiling the key for | 953 | | | this certificate. | 954 +--------------------------------+--------------------------------+--------------------------------+ 955 | SEC_ERROR_NO_KEY | -8166 | The private key for this | 956 | | | certificate cannot be found in | 957 | | | key database. | 958 +--------------------------------+--------------------------------+--------------------------------+ 959 | SEC_ERROR_CERT_VALID | -8165 | This certificate is valid. | 960 +--------------------------------+--------------------------------+--------------------------------+ 961 | SEC_ERROR_CERT_NOT_VALID | -8164 | This certificate is not valid. | 962 +--------------------------------+--------------------------------+--------------------------------+ 963 | SEC_ERROR_CERT_NO_RESPONSE | -8163 | Certificate library: no | 964 | | | response. | 965 +--------------------------------+--------------------------------+--------------------------------+ 966 | SEC_ER | -8162 | The certificate issuer's | 967 | ROR_EXPIRED_ISSUER_CERTIFICATE | | certificate has expired. | 968 +--------------------------------+--------------------------------+--------------------------------+ 969 | SEC_ERROR_CRL_EXPIRED | -8161 | The CRL for the certificate's | 970 | | | issuer has expired. | 971 +--------------------------------+--------------------------------+--------------------------------+ 972 | SEC_ERROR_CRL_BAD_SIGNATURE | -8160 | The CRL for the certificate's | 973 | | | issuer has an invalid | 974 | | | signature. | 975 +--------------------------------+--------------------------------+--------------------------------+ 976 | SEC_ERROR_CRL_INVALID | -8159 | New CRL has an invalid format. | 977 +--------------------------------+--------------------------------+--------------------------------+ 978 | SEC | -8158 | Certificate extension value is | 979 | _ERROR_EXTENSION_VALUE_INVALID | | invalid. | 980 +--------------------------------+--------------------------------+--------------------------------+ 981 | SEC_ERROR_EXTENSION_NOT_FOUND | -8157 | Certificate extension not | 982 | | | found. | 983 +--------------------------------+--------------------------------+--------------------------------+ 984 | SEC_ERROR_CA_CERT_INVALID | -8156 | Issuer certificate is invalid. | 985 +--------------------------------+--------------------------------+--------------------------------+ 986 | SEC_ERR | -8155 | Certificate path length | 987 | OR_PATH_LEN_CONSTRAINT_INVALID | | constraint is invalid. | 988 +--------------------------------+--------------------------------+--------------------------------+ 989 | SEC_ERROR_CERT_USAGES_INVALID | -8154 | Certificate usages field is | 990 | | | invalid. | 991 +--------------------------------+--------------------------------+--------------------------------+ 992 | SEC_INTERNAL_ONLY | -8153 | Internal-only module. | 993 +--------------------------------+--------------------------------+--------------------------------+ 994 | SEC_ERROR_INVALID_KEY | -8152 | The key does not support the | 995 | | | requested operation. | 996 +--------------------------------+--------------------------------+--------------------------------+ 997 | SEC_ER | -8151 | Certificate contains unknown | 998 | ROR_UNKNOWN_CRITICAL_EXTENSION | | critical extension. | 999 +--------------------------------+--------------------------------+--------------------------------+ 1000 | SEC_ERROR_OLD_CRL | -8150 | New CRL is not later than the | 1001 | | | current one. | 1002 +--------------------------------+--------------------------------+--------------------------------+ 1003 | SEC_ERROR_NO_EMAIL_CERT | -8149 | Not encrypted or signed: you | 1004 | | | do not yet have an email | 1005 | | | certificate. | 1006 +--------------------------------+--------------------------------+--------------------------------+ 1007 | SEC_ | -8148 | Not encrypted: you do not have | 1008 | ERROR_NO_RECIPIENT_CERTS_QUERY | | certificates for each of the | 1009 | | | recipients. | 1010 +--------------------------------+--------------------------------+--------------------------------+ 1011 | SEC_ERROR_NOT_A_RECIPIENT | -8147 | Cannot decrypt: you are not a | 1012 | | | recipient, or matching | 1013 | | | certificate and private key | 1014 | | | not found. | 1015 +--------------------------------+--------------------------------+--------------------------------+ 1016 | S | -8146 | Cannot decrypt: key encryption | 1017 | EC_ERROR_PKCS7_KEYALG_MISMATCH | | algorithm does not match your | 1018 | | | certificate. | 1019 +--------------------------------+--------------------------------+--------------------------------+ 1020 | SEC_ERROR_PKCS7_BAD_SIGNATURE | -8145 | Signature verification failed: | 1021 | | | no signer found, too many | 1022 | | | signers found, \\ | 1023 | | | or improper or corrupted data. | 1024 +--------------------------------+--------------------------------+--------------------------------+ 1025 | SEC_ERROR_UNSUPPORTED_KEYALG | -8144 | Unsupported or unknown key | 1026 | | | algorithm. | 1027 +--------------------------------+--------------------------------+--------------------------------+ 1028 | S | -8143 | Cannot decrypt: encrypted | 1029 | EC_ERROR_DECRYPTION_DISALLOWED | | using a disallowed algorithm | 1030 | | | or key size. | 1031 +--------------------------------+--------------------------------+--------------------------------+ 1032 | XP_SEC_FORTEZZA_BAD_CARD | -8142 | FORTEZZA card has not been | 1033 | | | properly initialized. | 1034 +--------------------------------+--------------------------------+--------------------------------+ 1035 | XP_SEC_FORTEZZA_NO_CARD | -8141 | No FORTEZZA cards found. | 1036 +--------------------------------+--------------------------------+--------------------------------+ 1037 | XP_SEC_FORTEZZA_NONE_SELECTED | -8140 | No FORTEZZA card selected. | 1038 +--------------------------------+--------------------------------+--------------------------------+ 1039 | XP_SEC_FORTEZZA_MORE_INFO | -8139 | Please select a personality to | 1040 | | | get more info on. | 1041 +--------------------------------+--------------------------------+--------------------------------+ 1042 | XP | -8138 | Personality not found | 1043 | _SEC_FORTEZZA_PERSON_NOT_FOUND | | | 1044 +--------------------------------+--------------------------------+--------------------------------+ 1045 | XP_SEC_FORTEZZA_NO_MORE_INFO | -8137 | No more information on that | 1046 | | | personality. | 1047 +--------------------------------+--------------------------------+--------------------------------+ 1048 | XP_SEC_FORTEZZA_BAD_PIN | -8136 | Invalid PIN. | 1049 +--------------------------------+--------------------------------+--------------------------------+ 1050 | XP_SEC_FORTEZZA_PERSON_ERROR | -8135 | Couldn't initialize FORTEZZA | 1051 | | | personalities. | 1052 +--------------------------------+--------------------------------+--------------------------------+ 1053 | SEC_ERROR_NO_KRL | -8134 | No KRL for this site's | 1054 | | | certificate has been found. | 1055 +--------------------------------+--------------------------------+--------------------------------+ 1056 | SEC_ERROR_KRL_EXPIRED | -8133 | The KRL for this site's | 1057 | | | certificate has expired. | 1058 +--------------------------------+--------------------------------+--------------------------------+ 1059 | SEC_ERROR_KRL_BAD_SIGNATURE | -8132 | The KRL for this site's | 1060 | | | certificate has an invalid | 1061 | | | signature. | 1062 +--------------------------------+--------------------------------+--------------------------------+ 1063 | SEC_ERROR_REVOKED_KEY | -8131 | The key for this site's | 1064 | | | certificate has been revoked. | 1065 +--------------------------------+--------------------------------+--------------------------------+ 1066 | SEC_ERROR_KRL_INVALID | -8130 | New KRL has an invalid format. | 1067 +--------------------------------+--------------------------------+--------------------------------+ 1068 | SEC_ERROR_NEED_RANDOM | -8129 | Security library: need random | 1069 | | | data. | 1070 +--------------------------------+--------------------------------+--------------------------------+ 1071 | SEC_ERROR_NO_MODULE | -8128 | Security library: no security | 1072 | | | module can perform the | 1073 | | | requested operation. | 1074 +--------------------------------+--------------------------------+--------------------------------+ 1075 | SEC_ERROR_NO_TOKEN | -8127 | The security card or token | 1076 | | | does not exist, needs to be | 1077 | | | initialized, or has been | 1078 | | | removed. | 1079 +--------------------------------+--------------------------------+--------------------------------+ 1080 | SEC_ERROR_READ_ONLY | -8126 | Security library: read-only | 1081 | | | database. | 1082 +--------------------------------+--------------------------------+--------------------------------+ 1083 | SEC_ERROR_NO_SLOT_SELECTED | -8125 | No slot or token was selected. | 1084 +--------------------------------+--------------------------------+--------------------------------+ 1085 | SEC | -8124 | A certificate with the same | 1086 | _ERROR_CERT_NICKNAME_COLLISION | | nickname already exists. | 1087 +--------------------------------+--------------------------------+--------------------------------+ 1088 | SE | -8123 | A key with the same nickname | 1089 | C_ERROR_KEY_NICKNAME_COLLISION | | already exists. | 1090 +--------------------------------+--------------------------------+--------------------------------+ 1091 | SEC_ERROR_SAFE_NOT_CREATED | -8122 | Error while creating safe | 1092 | | | object. | 1093 +--------------------------------+--------------------------------+--------------------------------+ 1094 | SEC_ERROR_BAGGAGE_NOT_CREATED | -8121 | Error while creating baggage | 1095 | | | object. | 1096 +--------------------------------+--------------------------------+--------------------------------+ 1097 | XP_JAVA_REMOVE_PRINCIPAL_ERROR | -8120 | Couldn't remove the principal. | 1098 +--------------------------------+--------------------------------+--------------------------------+ 1099 | XP_JAVA_DELETE_PRIVILEGE_ERROR | -8119 | Couldn't delete the privilege | 1100 +--------------------------------+--------------------------------+--------------------------------+ 1101 | XP_JAVA_CERT_NOT_EXISTS_ERROR | -8118 | This principal doesn't have a | 1102 | | | certificate. | 1103 +--------------------------------+--------------------------------+--------------------------------+ 1104 | SEC_ERROR_BAD_EXPORT_ALGORITHM | -8117 | Required algorithm is not | 1105 | | | allowed. | 1106 +--------------------------------+--------------------------------+--------------------------------+ 1107 | SE | -8116 | Error attempting to export | 1108 | C_ERROR_EXPORTING_CERTIFICATES | | certificates. | 1109 +--------------------------------+--------------------------------+--------------------------------+ 1110 | SE | -8115 | Error attempting to import | 1111 | C_ERROR_IMPORTING_CERTIFICATES | | certificates. | 1112 +--------------------------------+--------------------------------+--------------------------------+ 1113 | SEC_ERROR_PKCS12_DECODING_PFX | -8114 | Unable to import. Decoding | 1114 | | | error. File not valid. | 1115 +--------------------------------+--------------------------------+--------------------------------+ 1116 | SEC_ERROR_PKCS12_INVALID_MAC | -8113 | Unable to import. Invalid MAC. | 1117 | | | Incorrect password or corrupt | 1118 | | | file. | 1119 +--------------------------------+--------------------------------+--------------------------------+ 1120 | SEC_ERROR_PK | -8112 | Unable to import. MAC | 1121 | CS12_UNSUPPORTED_MAC_ALGORITHM | | algorithm not supported. | 1122 +--------------------------------+--------------------------------+--------------------------------+ 1123 | SEC_ERROR_PKC | -8111 | Unable to import. Only | 1124 | S12_UNSUPPORTED_TRANSPORT_MODE | | password integrity and privacy | 1125 | | | modes supported. | 1126 +--------------------------------+--------------------------------+--------------------------------+ 1127 | SEC_ERROR | -8110 | Unable to import. File | 1128 | _PKCS12_CORRUPT_PFX_STRUCTURE | | structure is corrupt. | 1129 +--------------------------------+--------------------------------+--------------------------------+ 1130 | SEC_ERROR_PK | -8109 | Unable to import. Encryption | 1131 | CS12_UNSUPPORTED_PBE_ALGORITHM | | algorithm not supported. | 1132 +--------------------------------+--------------------------------+--------------------------------+ 1133 | SEC_ER | -8108 | Unable to import. File version | 1134 | ROR_PKCS12_UNSUPPORTED_VERSION | | not supported. | 1135 +--------------------------------+--------------------------------+--------------------------------+ 1136 | SEC_ERROR_PKC | -8107 | Unable to import. Incorrect | 1137 | S12_PRIVACY_PASSWORD_INCORRECT | | privacy password. | 1138 +--------------------------------+--------------------------------+--------------------------------+ 1139 | S | -8106 | Unable to import. Same | 1140 | EC_ERROR_PKCS12_CERT_COLLISION | | nickname already exists in | 1141 | | | database. | 1142 +--------------------------------+--------------------------------+--------------------------------+ 1143 | SEC_ERROR_USER_CANCELLED | -8105 | The user clicked cancel. | 1144 +--------------------------------+--------------------------------+--------------------------------+ 1145 | S | -8104 | Not imported, already in | 1146 | EC_ERROR_PKCS12_DUPLICATE_DATA | | database. | 1147 +--------------------------------+--------------------------------+--------------------------------+ 1148 | SEC_ERROR_MESSAGE_SEND_ABORTED | -8103 | Message not sent. | 1149 +--------------------------------+--------------------------------+--------------------------------+ 1150 | SEC_ERROR_INADEQUATE_KEY_USAGE | -8102 | Certificate key usage | 1151 | | | inadequate for attempted | 1152 | | | operation. | 1153 +--------------------------------+--------------------------------+--------------------------------+ 1154 | SEC_ERROR_INADEQUATE_CERT_TYPE | -8101 | Certificate type not approved | 1155 | | | for application. | 1156 +--------------------------------+--------------------------------+--------------------------------+ 1157 | SEC_ERROR_CERT_ADDR_MISMATCH | -8100 | Address in signing certificate | 1158 | | | does not match address in | 1159 | | | message headers. | 1160 +--------------------------------+--------------------------------+--------------------------------+ 1161 | SEC_ERR | -8099 | Unable to import. Error | 1162 | OR_PKCS12_UNABLE_TO_IMPORT_KEY | | attempting to import private | 1163 | | | key. | 1164 +--------------------------------+--------------------------------+--------------------------------+ 1165 | SEC_ERR | -8098 | Unable to import. Error | 1166 | OR_PKCS12_IMPORTING_CERT_CHAIN | | attempting to import | 1167 | | | certificate chain. | 1168 +--------------------------------+--------------------------------+--------------------------------+ 1169 | SEC_ERROR_PKCS12_U | -8097 | Unable to export. Unable to | 1170 | NABLE_TO_LOCATE_OBJECT_BY_NAME | | locate certificate or key by | 1171 | | | nickname. | 1172 +--------------------------------+--------------------------------+--------------------------------+ 1173 | SEC_ERRO | -8096 | Unable to export. Private key | 1174 | R_PKCS12_UNABLE_TO_EXPORT_KEY | | could not be located and | 1175 | | | exported. | 1176 +--------------------------------+--------------------------------+--------------------------------+ 1177 | SE | -8095 | Unable to export. Unable to | 1178 | C_ERROR_PKCS12_UNABLE_TO_WRITE | | write the export file. | 1179 +--------------------------------+--------------------------------+--------------------------------+ 1180 | S | -8094 | Unable to import. Unable to | 1181 | EC_ERROR_PKCS12_UNABLE_TO_READ | | read the import file. | 1182 +--------------------------------+--------------------------------+--------------------------------+ 1183 | SEC_ERROR_PKCS1 | -8093 | Unable to export. Key database | 1184 | 2_KEY_DATABASE_NOT_INITIALIZED | | corrupt or deleted. | 1185 +--------------------------------+--------------------------------+--------------------------------+ 1186 | SEC_ERROR_KEYGEN_FAIL | -8092 | Unable to generate | 1187 | | | public-private key pair. | 1188 +--------------------------------+--------------------------------+--------------------------------+ 1189 | SEC_ERROR_INVALID_PASSWORD | -8091 | Password entered is invalid. | 1190 +--------------------------------+--------------------------------+--------------------------------+ 1191 | SEC_ERROR_RETRY_OLD_PASSWORD | -8090 | Old password entered | 1192 | | | incorrectly. | 1193 +--------------------------------+--------------------------------+--------------------------------+ 1194 | SEC_ERROR_BAD_NICKNAME | -8089 | Certificate nickname already | 1195 | | | in use. | 1196 +--------------------------------+--------------------------------+--------------------------------+ 1197 | SEC_ERROR_NOT_FORTEZZA_ISSUER | -8088 | Peer FORTEZZA chain has a | 1198 | | | non-FORTEZZA Certificate. | 1199 +--------------------------------+--------------------------------+--------------------------------+ 1200 | SEC_E | -8087 | "A sensitive key cannot be | 1201 | RROR_CANNOT_MOVE_SENSITIVE_KEY | | moved to the slot where it is | 1202 | | | needed." | 1203 +--------------------------------+--------------------------------+--------------------------------+ 1204 | SE | -8086 | Invalid module name. | 1205 | C_ERROR_JS_INVALID_MODULE_NAME | | | 1206 +--------------------------------+--------------------------------+--------------------------------+ 1207 | SEC_ERROR_JS_INVALID_DLL | -8085 | Invalid module path/filename. | 1208 +--------------------------------+--------------------------------+--------------------------------+ 1209 | SEC_ERROR_JS_ADD_MOD_FAILURE | -8084 | Unable to add module. | 1210 +--------------------------------+--------------------------------+--------------------------------+ 1211 | SEC_ERROR_JS_DEL_MOD_FAILURE | -8083 | Unable to delete module. | 1212 +--------------------------------+--------------------------------+--------------------------------+ 1213 | SEC_ERROR_OLD_KRL | -8082 | New KRL is not later than the | 1214 | | | current one. | 1215 +--------------------------------+--------------------------------+--------------------------------+ 1216 | SEC_ERROR_CKL_CONFLICT | -8081 | New CKL has different issuer | 1217 | | | than current CKL. | 1218 +--------------------------------+--------------------------------+--------------------------------+ 1219 | SE | -8080 | Certificate issuer is not | 1220 | C_ERROR_CERT_NOT_IN_NAME_SPACE | | permitted to issue a | 1221 | | | certificate with this name. | 1222 +--------------------------------+--------------------------------+--------------------------------+ 1223 | SEC_ERROR_KRL_NOT_YET_VALID | -8079 | "The key revocation list for | 1224 | | | this certificate is not yet | 1225 | | | valid." | 1226 +--------------------------------+--------------------------------+--------------------------------+ 1227 | SEC_ERROR_CRL_NOT_YET_VALID | -8078 | "The certificate revocation | 1228 | | | list for this certificate is | 1229 | | | not yet valid." | 1230 +--------------------------------+--------------------------------+--------------------------------+ 1231 | SEC_ERROR_UNKNOWN_CERT | -8077 | "The requested certificate | 1232 | | | could not be found." | 1233 +--------------------------------+--------------------------------+--------------------------------+ 1234 | SEC_ERROR_UNKNOWN_SIGNER | -8076 | "The signer's certificate | 1235 | | | could not be found." | 1236 +--------------------------------+--------------------------------+--------------------------------+ 1237 | SEC_ | -8075 | "The location for the | 1238 | ERROR_CERT_BAD_ACCESS_LOCATION | | certificate status server has | 1239 | | | invalid format." | 1240 +--------------------------------+--------------------------------+--------------------------------+ 1241 | SEC_ER | -8074 | "The OCSP response cannot be | 1242 | ROR_OCSP_UNKNOWN_RESPONSE_TYPE | | fully decoded; it is of an | 1243 | | | unknown type." | 1244 +--------------------------------+--------------------------------+--------------------------------+ 1245 | SE | -8073 | "The OCSP server returned | 1246 | C_ERROR_OCSP_BAD_HTTP_RESPONSE | | unexpected/invalid HTTP data." | 1247 +--------------------------------+--------------------------------+--------------------------------+ 1248 | SE | -8072 | "The OCSP server found the | 1249 | C_ERROR_OCSP_MALFORMED_REQUEST | | request to be corrupted or | 1250 | | | improperly formed." | 1251 +--------------------------------+--------------------------------+--------------------------------+ 1252 | SEC_ERROR_OCSP_SERVER_ERROR | -8071 | "The OCSP server experienced | 1253 | | | an internal error." | 1254 +--------------------------------+--------------------------------+--------------------------------+ 1255 | S | -8070 | "The OCSP server suggests | 1256 | EC_ERROR_OCSP_TRY_SERVER_LATER | | trying again later." | 1257 +--------------------------------+--------------------------------+--------------------------------+ 1258 | SE | -8069 | "The OCSP server requires a | 1259 | C_ERROR_OCSP_REQUEST_NEEDS_SIG | | signature on this request." | 1260 +--------------------------------+--------------------------------+--------------------------------+ 1261 | SEC_E | -8068 | "The OCSP server has refused | 1262 | RROR_OCSP_UNAUTHORIZED_REQUEST | | this request as unauthorized." | 1263 +--------------------------------+--------------------------------+--------------------------------+ 1264 | SEC_ERRO | -8067 | "The OCSP server returned an | 1265 | R_OCSP_UNKNOWN_RESPONSE_STATUS | | unrecognizable status." | 1266 +--------------------------------+--------------------------------+--------------------------------+ 1267 | SEC_ERROR_OCSP_UNKNOWN_CERT | -8066 | "The OCSP server has no status | 1268 | | | for the certificate." | 1269 +--------------------------------+--------------------------------+--------------------------------+ 1270 | SEC_ERROR_OCSP_NOT_ENABLED | -8065 | "You must enable OCSP before | 1271 | | | performing this operation." | 1272 +--------------------------------+--------------------------------+--------------------------------+ 1273 | SEC_E | -8064 | "You must set the OCSP default | 1274 | RROR_OCSP_NO_DEFAULT_RESPONDER | | responder before performing | 1275 | | | this operation." | 1276 +--------------------------------+--------------------------------+--------------------------------+ 1277 | SEC | -8063 | "The response from the OCSP | 1278 | _ERROR_OCSP_MALFORMED_RESPONSE | | server was corrupted or | 1279 | | | improperly formed." | 1280 +--------------------------------+--------------------------------+--------------------------------+ 1281 | SEC_ER | -8062 | "The signer of the OCSP | 1282 | ROR_OCSP_UNAUTHORIZED_RESPONSE | | response is not authorized to | 1283 | | | give status for this | 1284 | | | certificate." | 1285 +--------------------------------+--------------------------------+--------------------------------+ 1286 | SEC_ERROR_OCSP_FUTURE_RESPONSE | -8061 | "The OCSP response is not yet | 1287 | | | valid (contains a date in the | 1288 | | | future)." | 1289 +--------------------------------+--------------------------------+--------------------------------+ 1290 | SEC_ERROR_OCSP_OLD_RESPONSE | -8060 | "The OCSP response contains | 1291 | | | out-of-date information." | 1292 +--------------------------------+--------------------------------+--------------------------------+ 1293 | SEC_ERROR_DIGEST_NOT_FOUND | -8059 | "The CMS or PKCS #7 Digest was | 1294 | | | not found in signed message." | 1295 +--------------------------------+--------------------------------+--------------------------------+ 1296 | SEC_ | -8058 | "The CMS or PKCS #7 Message | 1297 | ERROR_UNSUPPORTED_MESSAGE_TYPE | | type is unsupported." | 1298 +--------------------------------+--------------------------------+--------------------------------+ 1299 | SEC_ERROR_MODULE_STUCK | -8057 | "PKCS #11 module could not be | 1300 | | | removed because it is still in | 1301 | | | use." | 1302 +--------------------------------+--------------------------------+--------------------------------+ 1303 | SEC_ERROR_BAD_TEMPLATE | -8056 | "Could not decode ASN.1 data. | 1304 | | | Specified template was | 1305 | | | invalid." | 1306 +--------------------------------+--------------------------------+--------------------------------+ 1307 | SEC_ERROR_CRL_NOT_FOUND | -8055 | "No matching CRL was found." | 1308 +--------------------------------+--------------------------------+--------------------------------+ 1309 | SEC_ | -8054 | "You are attempting to import | 1310 | ERROR_REUSED_ISSUER_AND_SERIAL | | a cert with the same | 1311 | | | issuer/serial as an existing | 1312 | | | cert, but that is not the same | 1313 | | | cert." | 1314 +--------------------------------+--------------------------------+--------------------------------+ 1315 | SEC_ERROR_BUSY | -8053 | "NSS could not shutdown. | 1316 | | | Objects are still in use." | 1317 +--------------------------------+--------------------------------+--------------------------------+ 1318 | SEC_ERROR_EXTRA_INPUT | -8052 | "DER-encoded message contained | 1319 | | | extra unused data." | 1320 +--------------------------------+--------------------------------+--------------------------------+ 1321 | SEC_ER | -8051 | "Unsupported elliptic curve." | 1322 | ROR_UNSUPPORTED_ELLIPTIC_CURVE | | | 1323 +--------------------------------+--------------------------------+--------------------------------+ 1324 | SEC_E | -8050 | "Unsupported elliptic curve | 1325 | RROR_UNSUPPORTED_EC_POINT_FORM | | point form." | 1326 +--------------------------------+--------------------------------+--------------------------------+ 1327 | SEC_ERROR_UNRECOGNIZED_OID | -8049 | "Unrecognized Object | 1328 | | | IDentifier." | 1329 +--------------------------------+--------------------------------+--------------------------------+ 1330 | SEC_E | -8048 | "Invalid OCSP signing | 1331 | RROR_OCSP_INVALID_SIGNING_CERT | | certificate in OCSP response." | 1332 +--------------------------------+--------------------------------+--------------------------------+ 1333 | SEC | -8047 | "Certificate is revoked in | 1334 | _ERROR_REVOKED_CERTIFICATE_CRL | | issuer's certificate | 1335 | | | revocation list." | 1336 +--------------------------------+--------------------------------+--------------------------------+ 1337 | SEC_ | -8046 | "Issuer's OCSP responder | 1338 | ERROR_REVOKED_CERTIFICATE_OCSP | | reports certificate is | 1339 | | | revoked." | 1340 +--------------------------------+--------------------------------+--------------------------------+ 1341 | SEC_ERROR_CRL_INVALID_VERSION | -8045 | "Issuer's Certificate | 1342 | | | Revocation List has an unknown | 1343 | | | version number." | 1344 +--------------------------------+--------------------------------+--------------------------------+ 1345 | SEC_E | -8044 | "Issuer's V1 Certificate | 1346 | RROR_CRL_V1_CRITICAL_EXTENSION | | Revocation List has a critical | 1347 | | | extension." | 1348 +--------------------------------+--------------------------------+--------------------------------+ 1349 | SEC_ERROR_ | -8043 | "Issuer's V2 Certificate | 1350 | CRL_UNKNOWN_CRITICAL_EXTENSION | | Revocation List has an unknown | 1351 | | | critical extension." | 1352 +--------------------------------+--------------------------------+--------------------------------+ 1353 | SEC_ERROR_UNKNOWN_OBJECT_TYPE | -8042 | "Unknown object type | 1354 | | | specified." | 1355 +--------------------------------+--------------------------------+--------------------------------+ 1356 | SEC_ERROR_INCOMPATIBLE_PKCS11 | -8041 | "PKCS #11 driver violates the | 1357 | | | spec in an incompatible way." | 1358 +--------------------------------+--------------------------------+--------------------------------+ 1359 | SEC_ERROR_NO_EVENT | -8040 | "No new slot event is | 1360 | | | available at this time." | 1361 +--------------------------------+--------------------------------+--------------------------------+ 1362 | SEC_ERROR_CRL_ALREADY_EXISTS | -8039 | "CRL already exists." | 1363 +--------------------------------+--------------------------------+--------------------------------+ 1364 | SEC_ERROR_NOT_INITIALIZED | -8038 | "NSS is not initialized." | 1365 +--------------------------------+--------------------------------+--------------------------------+ 1366 | SEC_ERROR_TOKEN_NOT_LOGGED_IN | -8037 | "The operation failed because | 1367 | | | the PKCS#11 token is not | 1368 | | | logged in." | 1369 +--------------------------------+--------------------------------+--------------------------------+ 1370 | SEC_ERR | -8036 | "The configured OCSP | 1371 | OR_OCSP_RESPONDER_CERT_INVALID | | responder's certificate is | 1372 | | | invalid." | 1373 +--------------------------------+--------------------------------+--------------------------------+ 1374 | SEC_ERROR_OCSP_BAD_SIGNATURE | -8035 | "OCSP response has an invalid | 1375 | | | signature." | 1376 +--------------------------------+--------------------------------+--------------------------------+ 1377 | SEC_ERROR_OUT_OF_SEARCH_LIMITS | -8034 | "Certification validation | 1378 | | | search is out of search | 1379 | | | limits." | 1380 +--------------------------------+--------------------------------+--------------------------------+ 1381 | SE | -8033 | "Policy mapping contains | 1382 | C_ERROR_INVALID_POLICY_MAPPING | | any-policy." | 1383 +--------------------------------+--------------------------------+--------------------------------+ 1384 | SEC_ | -8032 | "Certificate chain fails | 1385 | ERROR_POLICY_VALIDATION_FAILED | | policy validation." | 1386 +--------------------------------+--------------------------------+--------------------------------+ 1387 | SEC_E | -8031 | "Unknown location type in | 1388 | RROR_UNKNOWN_AIA_LOCATION_TYPE | | certificate AIA extension." | 1389 +--------------------------------+--------------------------------+--------------------------------+ 1390 | SEC_ERROR_BAD_HTTP_RESPONSE | -8030 | "Server returned a bad HTTP | 1391 | | | response." | 1392 +--------------------------------+--------------------------------+--------------------------------+ 1393 | SEC_ERROR_BAD_LDAP_RESPONSE | -8029 | "Server returned a bad LDAP | 1394 | | | response." | 1395 +--------------------------------+--------------------------------+--------------------------------+ 1396 | S | -8028 | "Failed to encode data with | 1397 | EC_ERROR_FAILED_TO_ENCODE_DATA | | ASN.1 encoder." | 1398 +--------------------------------+--------------------------------+--------------------------------+ 1399 | SEC_ | -8027 | "Bad information access | 1400 | ERROR_BAD_INFO_ACCESS_LOCATION | | location in certificate | 1401 | | | extension." | 1402 +--------------------------------+--------------------------------+--------------------------------+ 1403 | SEC_ERROR_LIBPKIX_INTERNAL | -8026 | "Libpkix internal error | 1404 | | | occurred during cert | 1405 | | | validation." | 1406 +--------------------------------+--------------------------------+--------------------------------+ 1407 | SEC_ERROR_PKCS11_GENERAL_ERROR | -8025 | "A PKCS #11 module returned | 1408 | | | CKR_GENERAL_ERROR, indicating | 1409 | | | that an unrecoverable error | 1410 | | | has occurred." | 1411 +--------------------------------+--------------------------------+--------------------------------+ 1412 | SE | -8024 | "A PKCS #11 module returned | 1413 | C_ERROR_PKCS11_FUNCTION_FAILED | | CKR_FUNCTION_FAILED, | 1414 | | | indicating that the requested | 1415 | | | function could not be | 1416 | | | performed. Trying the same | 1417 | | | operation again might | 1418 | | | succeed." | 1419 +--------------------------------+--------------------------------+--------------------------------+ 1420 | SEC_ERROR_PKCS11_DEVICE_ERROR | -8023 | "A PKCS #11 module returned | 1421 | | | CKR_DEVICE_ERROR, indicating | 1422 | | | that a problem has occurred | 1423 | | | with the token or slot." | 1424 +--------------------------------+--------------------------------+--------------------------------+ 1425 | SE | -8022 | "Unknown information access | 1426 | C_ERROR_BAD_INFO_ACCESS_METHOD | | method in certificate | 1427 | | | extension." | 1428 +--------------------------------+--------------------------------+--------------------------------+ 1429 | SEC_ERROR_CRL_IMPORT_FAILED | -8021 | "Error attempting to import a | 1430 | | | CRL." | 1431 +--------------------------------+--------------------------------+--------------------------------+ 1432 | SEC_ERROR_UNKNOWN_PKCS11_ERROR | -8018 | "Unknown PKCS #11 error." | 1433 | | | (unknown error value mapping) | 1434 +--------------------------------+--------------------------------+--------------------------------+