Botan 3.6.1
Crypto and TLS for C&
cert_status.cpp
Go to the documentation of this file.
1/*
2* (C) 2016 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/pkix_enums.h>
8
9namespace Botan {
10
11const char* to_string(Certificate_Status_Code code) {
12 switch(code) {
13 case Certificate_Status_Code::VERIFIED:
14 return "Verified";
15 case Certificate_Status_Code::OCSP_RESPONSE_GOOD:
16 return "OCSP response accepted as affirming unrevoked status for certificate";
17 case Certificate_Status_Code::OCSP_SIGNATURE_OK:
18 return "Signature on OCSP response was found valid";
19 case Certificate_Status_Code::VALID_CRL_CHECKED:
20 return "Valid CRL examined";
21
22 case Certificate_Status_Code::CERT_SERIAL_NEGATIVE:
23 return "Certificate serial number is negative";
24 case Certificate_Status_Code::DN_TOO_LONG:
25 return "Distinguished name too long";
26 case Certificate_Status_Code::OCSP_NO_REVOCATION_URL:
27 return "OCSP URL not available";
28 case Certificate_Status_Code::OCSP_SERVER_NOT_AVAILABLE:
29 return "OCSP server not available";
30 case Certificate_Status_Code::TRUSTED_CERT_NOT_YET_VALID:
31 return "Trusted certificate is not yet valid";
32 case Certificate_Status_Code::TRUSTED_CERT_HAS_EXPIRED:
33 return "Trusted certificate has expired";
34 case Certificate_Status_Code::OCSP_ISSUER_NOT_TRUSTED:
35 return "OCSP issuer is not trustworthy";
36
37 case Certificate_Status_Code::NO_REVOCATION_DATA:
38 return "No revocation data";
39 case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK:
40 return "Signature method too weak";
41 case Certificate_Status_Code::UNTRUSTED_HASH:
42 return "Hash function used is considered too weak for security";
43
44 case Certificate_Status_Code::CERT_NOT_YET_VALID:
45 return "Certificate is not yet valid";
46 case Certificate_Status_Code::CERT_HAS_EXPIRED:
47 return "Certificate has expired";
48 case Certificate_Status_Code::OCSP_NOT_YET_VALID:
49 return "OCSP is not yet valid";
50 case Certificate_Status_Code::OCSP_HAS_EXPIRED:
51 return "OCSP response has expired";
52 case Certificate_Status_Code::OCSP_IS_TOO_OLD:
53 return "OCSP response is too old";
54 case Certificate_Status_Code::CRL_NOT_YET_VALID:
55 return "CRL response is not yet valid";
56 case Certificate_Status_Code::CRL_HAS_EXPIRED:
57 return "CRL has expired";
58
59 case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND:
60 return "Certificate issuer not found";
61 case Certificate_Status_Code::CANNOT_ESTABLISH_TRUST:
62 return "Cannot establish trust";
63 case Certificate_Status_Code::CERT_CHAIN_LOOP:
64 return "Loop in certificate chain";
65 case Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT:
66 return "Certificate chain does not end in a CA certificate";
67 case Certificate_Status_Code::CHAIN_NAME_MISMATCH:
68 return "Certificate issuer does not match subject of issuing cert";
69
70 case Certificate_Status_Code::POLICY_ERROR:
71 return "Certificate policy error";
72 case Certificate_Status_Code::DUPLICATE_CERT_POLICY:
73 return "Certificate contains duplicate policy";
74 case Certificate_Status_Code::INVALID_USAGE:
75 return "Certificate does not allow the requested usage";
76 case Certificate_Status_Code::CERT_CHAIN_TOO_LONG:
77 return "Certificate chain too long";
78 case Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER:
79 return "CA certificate not allowed to issue certs";
80 case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER:
81 return "CA certificate not allowed to issue CRLs";
82 case Certificate_Status_Code::NO_MATCHING_CRLDP:
83 return "No CRL with matching distribution point for certificate";
84 case Certificate_Status_Code::OCSP_CERT_NOT_LISTED:
85 return "OCSP cert not listed";
86 case Certificate_Status_Code::OCSP_BAD_STATUS:
87 return "OCSP bad status";
88 case Certificate_Status_Code::CERT_NAME_NOMATCH:
89 return "Certificate does not match provided name";
90 case Certificate_Status_Code::NAME_CONSTRAINT_ERROR:
91 return "Certificate does not pass name constraint";
92 case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION:
93 return "Unknown critical extension encountered";
94 case Certificate_Status_Code::DUPLICATE_CERT_EXTENSION:
95 return "Duplicate certificate extension encountered";
96 case Certificate_Status_Code::EXT_IN_V1_V2_CERT:
97 return "Encountered extension in certificate with version that does not allow it";
98 case Certificate_Status_Code::V2_IDENTIFIERS_IN_V1_CERT:
99 return "Encountered v2 identifiers in v1 certificate";
100 case Certificate_Status_Code::OCSP_SIGNATURE_ERROR:
101 return "OCSP signature error";
102 case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND:
103 return "Unable to find certificate issusing OCSP response";
104 case Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE:
105 return "OCSP issuer's keyusage prohibits OCSP";
106 case Certificate_Status_Code::OCSP_RESPONSE_INVALID:
107 return "OCSP parsing valid";
108 case Certificate_Status_Code::OCSP_NO_HTTP:
109 return "OCSP requests not available, no HTTP support compiled in";
110 case Certificate_Status_Code::CERT_IS_REVOKED:
111 return "Certificate is revoked";
112 case Certificate_Status_Code::CRL_BAD_SIGNATURE:
113 return "CRL bad signature";
114 case Certificate_Status_Code::SIGNATURE_ERROR:
115 return "Signature error";
116 case Certificate_Status_Code::CERT_PUBKEY_INVALID:
117 return "Certificate public key invalid";
118 case Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN:
119 return "Certificate signed with unknown/unavailable algorithm";
120 case Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS:
121 return "Certificate signature has invalid parameters";
122
123 // intentionally no default so we are warned if new enum values are added
124 }
125
126 return nullptr;
127}
128
129} // namespace Botan
Botan::to_string
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
Botan::Certificate_Status_Code
Certificate_Status_Code
Definition pkix_enums.h:20
Generated by doxygen 1.12.0