static SECStatus nss_bad_cert_cb(void *arg, PRFileDesc *fd) {
struct tls_connection *conn = arg;
SECStatus res = SECSuccess;
PRErrorCode err;
CERTCertificate *cert;
char *subject, *issuer;
err = PR_GetError();
if (IS_SEC_ERROR(err))
wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (sec err "
"%d)", err - SEC_ERROR_BASE);
else
wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (err %d)",
err);
cert = SSL_PeerCertificate(fd);
subject = CERT_NameToAscii(&cert->subject);
issuer = CERT_NameToAscii(&cert->issuer);
wpa_printf(MSG_DEBUG, "NSS: Peer certificate subject='%s' issuer='%s'",
subject, issuer);
CERT_DestroyCertificate(cert);
PR_Free(subject);
PR_Free(issuer);
if (conn->verify_peer)
res = SECFailure;
return res;
}
const char *
sec_errstr(int err)
{
const char *errString;
if (IS_SEC_ERROR(err))
errString = SECErrorString(err);
else
errString = cssmErrorString(err);
return errString;
}
/*
* This function takes an error code and associated error data
* and creates a string containing a textual description of
* what the error is and why it happened.
*
* The returned string is allocated and thus should be freed
* once it has been used.
*/
PUBLIC char *
NET_ExplainErrorDetails (int code, ...)
{
va_list args;
char *msg = 0;
int sub_error;
va_start (args, code);
if (IS_SSL_ERROR(code) || IS_SEC_ERROR(code)) {
const char *s = XP_GetString(code);
msg = (s ? XP_STRDUP(s) : 0);
}
if (!msg)
switch(code) {
case MK_INTERRUPTED:
case MK_USE_FTP_INSTEAD:
case MK_USE_COPY_FROM_CACHE:
case MK_MAILTO_NOT_READY:
case MK_UNABLE_TO_LOGIN:
case MK_UNABLE_TO_CONVERT:
case MK_IMAGE_LOSSAGE: /* image library generic error */
case MK_ERROR_SENDING_DATA_COMMAND:
case MK_OFFLINE:
msg = NULL;
break;
case MK_REDIRECT_ATTEMPT_NOT_ALLOWED:
case MK_SERVER_TIMEOUT:
case MK_CONNECTION_TIMED_OUT:
case MK_OUT_OF_MEMORY:
case MK_TIMEBOMB_URL_PROHIBIT:
case MK_TIMEBOMB_MESSAGE:
case MK_RELATIVE_TIMEBOMB_MESSAGE:
case MK_NO_WAIS_PROXY:
case MK_CREATING_NEWSRC_FILE:
case MK_NNTP_SERVER_NOT_CONFIGURED:
case MK_NNTP_NEWSGROUP_SCAN_ERROR:
case MK_ZERO_LENGTH_FILE:
case MK_BAD_CONNECT:
case MK_UNABLE_TO_USE_PASV_FTP:
case MK_UNABLE_TO_CHANGE_FTP_MODE:
case MK_UNABLE_TO_FTP_CWD:
case MK_UNABLE_TO_SEND_PORT_COMMAND:
case MK_UNABLE_TO_ACCEPT_SOCKET:
case MK_UNABLE_TO_CONNECT2:
case MK_BAD_NNTP_CONNECTION:
case MK_NNTP_SERVER_ERROR:
case MK_SERVER_DISCONNECTED:
case MK_NEWS_ITEM_UNAVAILABLE:
case MK_UNABLE_TO_OPEN_NEWSRC:
case MK_COULD_NOT_LOGIN_TO_SMTP_SERVER:
case MK_MSG_NO_SMTP_HOST:
case MK_COULD_NOT_GET_USERS_MAIL_ADDRESS:
case MK_UNABLE_TO_CONNECT_TO_PROXY:
case MK_UNABLE_TO_LOCATE_PROXY:
case MK_DISK_FULL:
case MK_PRINT_LOSSAGE:
case MK_SECURE_NEWS_PROXY_ERROR:
case MK_SIGNATURE_TOO_LONG:
case MK_SIGNATURE_TOO_WIDE:
case MK_POP3_SERVER_ERROR:
case MK_POP3_USERNAME_UNDEFINED:
case MK_POP3_PASSWORD_UNDEFINED:
case MK_POP3_USERNAME_FAILURE:
case MK_POP3_PASSWORD_FAILURE:
case MK_POP3_NO_MESSAGES:
case MK_POP3_LIST_FAILURE:
case MK_POP3_LAST_FAILURE:
case MK_POP3_RETR_FAILURE:
case MK_POP3_DELE_FAILURE:
case MK_POP3_OUT_OF_DISK_SPACE:
case MK_POP3_MESSAGE_WRITE_ERROR:
case MK_MIME_NO_SENDER:
case MK_MIME_NO_RECIPIENTS:
case MK_MIME_NO_SUBJECT:
case MK_MIME_ERROR_WRITING_FILE:
case MK_MIME_MULTIPART_BLURB:
case MK_MSG_CANT_COPY_TO_SAME_FOLDER:
case MK_MSG_CANT_COPY_TO_QUEUE_FOLDER:
case MK_MSG_CANT_COPY_TO_QUEUE_FOLDER_OLD:
case MK_MSG_CANT_COPY_TO_DRAFTS_FOLDER:
case MK_MSG_CANT_CREATE_FOLDER:
case MK_MSG_FOLDER_ALREADY_EXISTS:
case MK_MSG_FOLDER_NOT_EMPTY:
case MK_MSG_CANT_DELETE_FOLDER:
case MK_MSG_CANT_CREATE_INBOX:
case MK_MSG_CANT_CREATE_MAIL_DIR:
case MK_MSG_NO_POP_HOST:
case MK_MSG_MESSAGE_CANCELLED:
case MK_MSG_FOLDER_UNREADABLE:
case MK_MSG_FOLDER_SUMMARY_UNREADABLE:
case MK_MSG_TMP_FOLDER_UNWRITABLE:
case MK_MSG_ID_NOT_IN_FOLDER:
case MK_MSG_NEWSRC_UNPARSABLE:
case MK_MSG_NO_RETURN_ADDRESS:
case MK_MSG_ERROR_WRITING_NEWSRC:
case MK_MSG_ERROR_WRITING_MAIL_FOLDER:
case MK_MSG_SEARCH_FAILED:
case MK_MSG_FOLDER_BUSY:
msg = XP_STRDUP(XP_GetString(code));
break;
case MK_TCP_READ_ERROR:
case MK_TCP_WRITE_ERROR:
case MK_UNABLE_TO_CREATE_SOCKET:
case MK_UNABLE_TO_CONNECT:
case MK_HTTP_TYPE_CONFLICT:
case MK_TCP_ERROR:
sub_error = va_arg(args, int);
if (IS_SSL_ERROR(sub_error) || IS_SEC_ERROR(sub_error)) {
/*
* For SSL/SEC errors, use the message without a wrapper.
*/
msg = XP_STRDUP(XP_GetString(sub_error));
} else if (code == MK_UNABLE_TO_CONNECT &&
(sub_error == XP_ERRNO_EINVAL
|| sub_error == XP_ERRNO_EADDRINUSE)) {
/*
* With unable-to-connect errors, some errno values/strings
* are not more helpful, so just use a plain message for these.
*/
msg = XP_STRDUP(XP_GetString(MK_UNABLE_TO_CONNECT2));
} else {
msg = PR_smprintf(XP_GetString(code), XP_GetString(sub_error));
}
break;
case MK_MALFORMED_URL_ERROR:
case MK_COULD_NOT_PUT_FILE:
case MK_UNABLE_TO_LOCATE_FILE:
case MK_NNTP_AUTH_FAILED:
case MK_UNABLE_TO_LOCATE_HOST:
case MK_UNABLE_TO_LOCATE_SOCKS_HOST:
case MK_UNABLE_TO_OPEN_FILE:
case MK_UNABLE_TO_OPEN_TMP_FILE:
case MK_CONNECTION_REFUSED:
case MK_NNTP_ERROR_MESSAGE:
case MK_MSG_COULDNT_OPEN_FCC_FILE:
case MK_TIMEBOMB_WARNING_MESSAGE:
case MK_RELATIVE_TIMEBOMB_WARNING_MESSAGE:
case MK_ERROR_SENDING_FROM_COMMAND:
case MK_ERROR_SENDING_RCPT_COMMAND:
case MK_ERROR_SENDING_MESSAGE:
case MK_SMTP_SERVER_ERROR:
msg = PR_vsmprintf(XP_GetString(code), args);
break;
case -1:
default:
msg = PR_smprintf(XP_GetString(MK_COMMUNICATIONS_ERROR), code);
break;
}
va_end (args);
TRACEMSG(("NET_ExplainErrorDetails generated: %s", msg ? msg : "(none)"));
return(msg);
}
/*
* Munge an OSStatus returned from libsecurity_smime, which may well be an ASN.1 private
* error code, to a real OSStatus.
*/
OSStatus cmsRtnToOSStatus(
OSStatus smimeRtn, // from libsecurity_smime
OSStatus defaultRtn) // use this if we can't map smimeRtn
{
if(smimeRtn == SECFailure) {
/* This is a SECStatus. Try to get detailed error info. */
smimeRtn = PORT_GetError();
if(smimeRtn == 0) {
/* S/MIME just gave us generic error; no further info available; punt. */
dprintf("cmsRtnToOSStatus: SECFailure, no status avilable\n");
return defaultRtn ? defaultRtn : errSecInternalComponent;
}
/* else proceed to map smimeRtn to OSStatus */
}
if(!IS_SEC_ERROR(smimeRtn)) {
/* isn't ASN.1 or S/MIME error; use as is. */
return smimeRtn;
}
/* Convert SECErrorCodes to OSStatus */
switch(smimeRtn) {
case SEC_ERROR_BAD_DER:
case SEC_ERROR_BAD_DATA:
return errSecUnknownFormat;
case SEC_ERROR_NO_MEMORY:
return errSecAllocate;
case SEC_ERROR_IO:
return errSecIO;
case SEC_ERROR_OUTPUT_LEN:
case SEC_ERROR_INPUT_LEN:
case SEC_ERROR_INVALID_ARGS:
case SEC_ERROR_INVALID_ALGORITHM:
case SEC_ERROR_INVALID_AVA:
case SEC_ERROR_INVALID_TIME:
return errSecParam;
case SEC_ERROR_PKCS7_BAD_SIGNATURE:
case SEC_ERROR_BAD_SIGNATURE:
return CSSMERR_CSP_VERIFY_FAILED;
case SEC_ERROR_EXPIRED_CERTIFICATE:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
return CSSMERR_TP_CERT_EXPIRED;
case SEC_ERROR_REVOKED_CERTIFICATE:
return CSSMERR_TP_CERT_REVOKED;
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_UNTRUSTED_ISSUER:
case SEC_ERROR_UNTRUSTED_CERT:
return CSSMERR_TP_NOT_TRUSTED;
case SEC_ERROR_CERT_USAGES_INVALID:
case SEC_ERROR_INADEQUATE_KEY_USAGE:
return CSSMERR_CSP_KEY_USAGE_INCORRECT;
case SEC_INTERNAL_ONLY:
return errSecInternalComponent;
case SEC_ERROR_NO_USER_INTERACTION:
return errSecInteractionNotAllowed;
case SEC_ERROR_USER_CANCELLED:
return errSecUserCanceled;
default:
dprintf("cmsRtnToOSStatus: smimeRtn 0x%x\n", smimeRtn);
return defaultRtn ? defaultRtn : errSecInternalComponent;
}
}
