static SECStatus nss_bad_cert_cb(void *arg, PRFileDesc *fd) { struct tls_connection *conn = arg; SECStatus res = SECSuccess; PRErrorCode err; CERTCertificate *cert; char *subject, *issuer; err = PR_GetError(); if (IS_SEC_ERROR(err)) wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (sec err " "%d)", err - SEC_ERROR_BASE); else wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (err %d)", err); cert = SSL_PeerCertificate(fd); subject = CERT_NameToAscii(&cert->subject); issuer = CERT_NameToAscii(&cert->issuer); wpa_printf(MSG_DEBUG, "NSS: Peer certificate subject='%s' issuer='%s'", subject, issuer); CERT_DestroyCertificate(cert); PR_Free(subject); PR_Free(issuer); if (conn->verify_peer) res = SECFailure; return res; }
const char * sec_errstr(int err) { const char *errString; if (IS_SEC_ERROR(err)) errString = SECErrorString(err); else errString = cssmErrorString(err); return errString; }
/* * This function takes an error code and associated error data * and creates a string containing a textual description of * what the error is and why it happened. * * The returned string is allocated and thus should be freed * once it has been used. */ PUBLIC char * NET_ExplainErrorDetails (int code, ...) { va_list args; char *msg = 0; int sub_error; va_start (args, code); if (IS_SSL_ERROR(code) || IS_SEC_ERROR(code)) { const char *s = XP_GetString(code); msg = (s ? XP_STRDUP(s) : 0); } if (!msg) switch(code) { case MK_INTERRUPTED: case MK_USE_FTP_INSTEAD: case MK_USE_COPY_FROM_CACHE: case MK_MAILTO_NOT_READY: case MK_UNABLE_TO_LOGIN: case MK_UNABLE_TO_CONVERT: case MK_IMAGE_LOSSAGE: /* image library generic error */ case MK_ERROR_SENDING_DATA_COMMAND: case MK_OFFLINE: msg = NULL; break; case MK_REDIRECT_ATTEMPT_NOT_ALLOWED: case MK_SERVER_TIMEOUT: case MK_CONNECTION_TIMED_OUT: case MK_OUT_OF_MEMORY: case MK_TIMEBOMB_URL_PROHIBIT: case MK_TIMEBOMB_MESSAGE: case MK_RELATIVE_TIMEBOMB_MESSAGE: case MK_NO_WAIS_PROXY: case MK_CREATING_NEWSRC_FILE: case MK_NNTP_SERVER_NOT_CONFIGURED: case MK_NNTP_NEWSGROUP_SCAN_ERROR: case MK_ZERO_LENGTH_FILE: case MK_BAD_CONNECT: case MK_UNABLE_TO_USE_PASV_FTP: case MK_UNABLE_TO_CHANGE_FTP_MODE: case MK_UNABLE_TO_FTP_CWD: case MK_UNABLE_TO_SEND_PORT_COMMAND: case MK_UNABLE_TO_ACCEPT_SOCKET: case MK_UNABLE_TO_CONNECT2: case MK_BAD_NNTP_CONNECTION: case MK_NNTP_SERVER_ERROR: case MK_SERVER_DISCONNECTED: case MK_NEWS_ITEM_UNAVAILABLE: case MK_UNABLE_TO_OPEN_NEWSRC: case MK_COULD_NOT_LOGIN_TO_SMTP_SERVER: case MK_MSG_NO_SMTP_HOST: case MK_COULD_NOT_GET_USERS_MAIL_ADDRESS: case MK_UNABLE_TO_CONNECT_TO_PROXY: case MK_UNABLE_TO_LOCATE_PROXY: case MK_DISK_FULL: case MK_PRINT_LOSSAGE: case MK_SECURE_NEWS_PROXY_ERROR: case MK_SIGNATURE_TOO_LONG: case MK_SIGNATURE_TOO_WIDE: case MK_POP3_SERVER_ERROR: case MK_POP3_USERNAME_UNDEFINED: case MK_POP3_PASSWORD_UNDEFINED: case MK_POP3_USERNAME_FAILURE: case MK_POP3_PASSWORD_FAILURE: case MK_POP3_NO_MESSAGES: case MK_POP3_LIST_FAILURE: case MK_POP3_LAST_FAILURE: case MK_POP3_RETR_FAILURE: case MK_POP3_DELE_FAILURE: case MK_POP3_OUT_OF_DISK_SPACE: case MK_POP3_MESSAGE_WRITE_ERROR: case MK_MIME_NO_SENDER: case MK_MIME_NO_RECIPIENTS: case MK_MIME_NO_SUBJECT: case MK_MIME_ERROR_WRITING_FILE: case MK_MIME_MULTIPART_BLURB: case MK_MSG_CANT_COPY_TO_SAME_FOLDER: case MK_MSG_CANT_COPY_TO_QUEUE_FOLDER: case MK_MSG_CANT_COPY_TO_QUEUE_FOLDER_OLD: case MK_MSG_CANT_COPY_TO_DRAFTS_FOLDER: case MK_MSG_CANT_CREATE_FOLDER: case MK_MSG_FOLDER_ALREADY_EXISTS: case MK_MSG_FOLDER_NOT_EMPTY: case MK_MSG_CANT_DELETE_FOLDER: case MK_MSG_CANT_CREATE_INBOX: case MK_MSG_CANT_CREATE_MAIL_DIR: case MK_MSG_NO_POP_HOST: case MK_MSG_MESSAGE_CANCELLED: case MK_MSG_FOLDER_UNREADABLE: case MK_MSG_FOLDER_SUMMARY_UNREADABLE: case MK_MSG_TMP_FOLDER_UNWRITABLE: case MK_MSG_ID_NOT_IN_FOLDER: case MK_MSG_NEWSRC_UNPARSABLE: case MK_MSG_NO_RETURN_ADDRESS: case MK_MSG_ERROR_WRITING_NEWSRC: case MK_MSG_ERROR_WRITING_MAIL_FOLDER: case MK_MSG_SEARCH_FAILED: case MK_MSG_FOLDER_BUSY: msg = XP_STRDUP(XP_GetString(code)); break; case MK_TCP_READ_ERROR: case MK_TCP_WRITE_ERROR: case MK_UNABLE_TO_CREATE_SOCKET: case MK_UNABLE_TO_CONNECT: case MK_HTTP_TYPE_CONFLICT: case MK_TCP_ERROR: sub_error = va_arg(args, int); if (IS_SSL_ERROR(sub_error) || IS_SEC_ERROR(sub_error)) { /* * For SSL/SEC errors, use the message without a wrapper. */ msg = XP_STRDUP(XP_GetString(sub_error)); } else if (code == MK_UNABLE_TO_CONNECT && (sub_error == XP_ERRNO_EINVAL || sub_error == XP_ERRNO_EADDRINUSE)) { /* * With unable-to-connect errors, some errno values/strings * are not more helpful, so just use a plain message for these. */ msg = XP_STRDUP(XP_GetString(MK_UNABLE_TO_CONNECT2)); } else { msg = PR_smprintf(XP_GetString(code), XP_GetString(sub_error)); } break; case MK_MALFORMED_URL_ERROR: case MK_COULD_NOT_PUT_FILE: case MK_UNABLE_TO_LOCATE_FILE: case MK_NNTP_AUTH_FAILED: case MK_UNABLE_TO_LOCATE_HOST: case MK_UNABLE_TO_LOCATE_SOCKS_HOST: case MK_UNABLE_TO_OPEN_FILE: case MK_UNABLE_TO_OPEN_TMP_FILE: case MK_CONNECTION_REFUSED: case MK_NNTP_ERROR_MESSAGE: case MK_MSG_COULDNT_OPEN_FCC_FILE: case MK_TIMEBOMB_WARNING_MESSAGE: case MK_RELATIVE_TIMEBOMB_WARNING_MESSAGE: case MK_ERROR_SENDING_FROM_COMMAND: case MK_ERROR_SENDING_RCPT_COMMAND: case MK_ERROR_SENDING_MESSAGE: case MK_SMTP_SERVER_ERROR: msg = PR_vsmprintf(XP_GetString(code), args); break; case -1: default: msg = PR_smprintf(XP_GetString(MK_COMMUNICATIONS_ERROR), code); break; } va_end (args); TRACEMSG(("NET_ExplainErrorDetails generated: %s", msg ? msg : "(none)")); return(msg); }
/* * Munge an OSStatus returned from libsecurity_smime, which may well be an ASN.1 private * error code, to a real OSStatus. */ OSStatus cmsRtnToOSStatus( OSStatus smimeRtn, // from libsecurity_smime OSStatus defaultRtn) // use this if we can't map smimeRtn { if(smimeRtn == SECFailure) { /* This is a SECStatus. Try to get detailed error info. */ smimeRtn = PORT_GetError(); if(smimeRtn == 0) { /* S/MIME just gave us generic error; no further info available; punt. */ dprintf("cmsRtnToOSStatus: SECFailure, no status avilable\n"); return defaultRtn ? defaultRtn : errSecInternalComponent; } /* else proceed to map smimeRtn to OSStatus */ } if(!IS_SEC_ERROR(smimeRtn)) { /* isn't ASN.1 or S/MIME error; use as is. */ return smimeRtn; } /* Convert SECErrorCodes to OSStatus */ switch(smimeRtn) { case SEC_ERROR_BAD_DER: case SEC_ERROR_BAD_DATA: return errSecUnknownFormat; case SEC_ERROR_NO_MEMORY: return errSecAllocate; case SEC_ERROR_IO: return errSecIO; case SEC_ERROR_OUTPUT_LEN: case SEC_ERROR_INPUT_LEN: case SEC_ERROR_INVALID_ARGS: case SEC_ERROR_INVALID_ALGORITHM: case SEC_ERROR_INVALID_AVA: case SEC_ERROR_INVALID_TIME: return errSecParam; case SEC_ERROR_PKCS7_BAD_SIGNATURE: case SEC_ERROR_BAD_SIGNATURE: return CSSMERR_CSP_VERIFY_FAILED; case SEC_ERROR_EXPIRED_CERTIFICATE: case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return CSSMERR_TP_CERT_EXPIRED; case SEC_ERROR_REVOKED_CERTIFICATE: return CSSMERR_TP_CERT_REVOKED; case SEC_ERROR_UNKNOWN_ISSUER: case SEC_ERROR_UNTRUSTED_ISSUER: case SEC_ERROR_UNTRUSTED_CERT: return CSSMERR_TP_NOT_TRUSTED; case SEC_ERROR_CERT_USAGES_INVALID: case SEC_ERROR_INADEQUATE_KEY_USAGE: return CSSMERR_CSP_KEY_USAGE_INCORRECT; case SEC_INTERNAL_ONLY: return errSecInternalComponent; case SEC_ERROR_NO_USER_INTERACTION: return errSecInteractionNotAllowed; case SEC_ERROR_USER_CANCELLED: return errSecUserCanceled; default: dprintf("cmsRtnToOSStatus: smimeRtn 0x%x\n", smimeRtn); return defaultRtn ? defaultRtn : errSecInternalComponent; } }