1 // Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

     2 // All rights reserved.

     3 // This component and the accompanying materials are made available

     4 // under the terms of "Eclipse Public License v1.0"

     5 // which accompanies this distribution, and is available

     6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".

     7 //

     8 // Initial Contributors:

     9 // Nokia Corporation - initial contribution.

    10 //

    11 // Contributors:

    12 //

    13 // Description:

    14 //

    15 

    16 

    17 

    18 #ifndef __SSLERR_H__

    19 #define __SSLERR_H__

    20 

    21 /** Base offset for SSL errors. */

    22 #define SSL_ERROR_BASE -7400

    23 /** Base offset for SSL alerts. */

    24 #define SSL_ALERT_BASE 100

    25 

    26 /**

    27  * @file SSLErr.h

    28  * Error code definitions for TLS.

    29  */

    30 

    31 /**

    32  * No shared cipher was found.

    33  * The handshake failed because there was no available shared cipher supported by both the client and the server.

    34  */

    35 const TInt KErrSSLNoSharedCipher		= SSL_ERROR_BASE - 1;

    36 

    37 /**

    38  * The socket already has received data pending on it.

    39  * This error is seen when StartClientHandshake is called when

    40  * there is already data waiting to be read from the socket. */

    41 const TInt KErrSSLSocketBusy			= SSL_ERROR_BASE - 2;

    42 

    43 /** One or more cipher suites passed as an argument was invalid. */

    44 const TInt KErrSSLInvalidCipherSuite	= SSL_ERROR_BASE - 3;

    45 

    46 /**

    47  * The certificate that was passed as an argument was invalid. 

    48  * (this could be that actual certificate is not a valid certificate, or if 

    49  * certman handles are passed, it wasn't found in certman) */

    50 const TInt KErrSSLInvalidCert			= SSL_ERROR_BASE - 4;

    51 

    52 /** No client certificate was supplied. */

    53 const TInt KErrSSLNoClientCert			= SSL_ERROR_BASE - 5;

    54 

    55 /** The size of the key is too big. */

    56 const TInt KErrSSLUnsupportedKeySize	= SSL_ERROR_BASE - 6;

    57 

    58 /** General unsupported key error */

    59 const TInt KErrSSLUnsupportedKey		= SSL_ERROR_BASE - 7;

    60 

    61 /** An invalid record was received. */

    62 const TInt KErrSSLBadRecordHeader		= SSL_ERROR_BASE - 8; 

    63 

    64 //

    65 // Handshake related errors

    66 

    67 /** Invalid protocol version. */

    68 const TInt KErrSSLBadProtocolVersion	= SSL_ERROR_BASE - 9;

    69 

    70 /** The server only supports the SSL2.0 protocol. */

    71 const TInt KErrSSL2ServerOnly			= SSL_ERROR_BASE - 10;

    72 

    73 /** Unexpected message. */

    74 const TInt KErrSSLUnexpectedMessage		= SSL_ERROR_BASE - 11;

    75 

    76 /** Unsupported cipher. */

    77 const TInt KErrSSLUnsupportedCipher		= SSL_ERROR_BASE - 12;

    78 

    79 /** Bad MAC. */

    80 const TInt KErrSSLBadMAC				= SSL_ERROR_BASE - 13;

    81 

    82 /** An SSL alert was received from the remote end, which caused the connection to be terminated. */

    83 const TInt KErrSSLReceivedAlert			= SSL_ERROR_BASE - 14;

    84 

    85 

    86 /** An invalid handshake message was received. */

    87 const TInt KErrSSLRecvNotSupportedHS	= SSL_ERROR_BASE - 15;

    88 

    89 /** A field in the handshake record being parsed was too big. */

    90 const TInt KErrSSLHSRecordFieldTooBig	= SSL_ERROR_BASE - 16;

    91 

    92 /** Record header field too big. */

    93 const TInt KErrSSLRecordHeaderTooBig	= SSL_ERROR_BASE - 17;

    94 

    95 /** Send data field too big. */

    96 const TInt KErrSSLSendDataTooBig			= SSL_ERROR_BASE - 18;

    97 

    98 /** No certificate. */

    99 const TInt KErrSSLNoCertificate			= SSL_ERROR_BASE - 19;

   100 

   101 /** Invalid hash. */

   102 const TInt KErrSSLInvalidHash			= SSL_ERROR_BASE - 20;

   103 

   104 /** Send cancelled. */

   105 const TInt KErrSSLSendCanceled			= SSL_ERROR_BASE - 21;

   106 

   107 /** Receieve cancelled. */

   108 const TInt KErrSSLRecvCanceled			= SSL_ERROR_BASE - 22;

   109 

   110 /** CancelHandshake was called during one of the handshake methods. */

   111 const TInt KErrSSLHandshakeCanceled		= SSL_ERROR_BASE - 23;

   112 

   113 /** Write failed. */

   114 const TInt KErrSSLWriteFailed			= SSL_ERROR_BASE - 24;

   115 

   116 /** The SSL.dll couldn't be loaded by the adaptor. */

   117 const TInt KErrSSLFailedToLoad			= SSL_ERROR_BASE - 25;

   118 

   119 /** An unspecified error was signaled from the SSL.dll to the adaptor. */

   120 const TInt KErrSSLDisconnectIndication	= SSL_ERROR_BASE - 26;

   121 

   122 /** A leave occured in the SSL.dll. */

   123 const TInt KErrSSLDllLeave				= SSL_ERROR_BASE - 27;

   124 

   125 /** A leave occured in the SSL.dll. */

   126 const TInt KErrSSLNullTlsSession				= SSL_ERROR_BASE - 28;

   127 

   128 //

   129 // These error codes are equivalent to the standard TLS protocol Alert message 

   130 // errors as defined in the TLS RFC. They include all those defined in SSL3.0

   131 // The end number of each error is the same as per the RFC, so by using the

   132 // SSL_ERROR_BASE and SSL_ALERT_BASE defines, errors codes can be constructed

   133 // directly from the field within an alert message.

   134 /** Close notification. */

   135 const TInt KErrSSLAlertCloseNotify				= SSL_ERROR_BASE - SSL_ALERT_BASE - 0;

   136 /** An inappropriate message was received. */

   137 const TInt KErrSSLAlertUnexpectedMessage		= SSL_ERROR_BASE - SSL_ALERT_BASE - 10;

   138 /** A record was received with an incorrect MAC. */

   139 const TInt KErrSSLAlertBadRecordMac				= SSL_ERROR_BASE - SSL_ALERT_BASE - 20;

   140 /** A TLS cipher text was decrypted in an invalid way. */

   141 const TInt KErrSSLAlertDecryptionFailed			= SSL_ERROR_BASE - SSL_ALERT_BASE - 21;

   142 /** A TLS cipher text record was received which was too long. */

   143 const TInt KErrSSLAlertRecordOverflow			= SSL_ERROR_BASE - SSL_ALERT_BASE - 22;

   144 /** The decompression function received improper input. */

   145 const TInt KErrSSLAlertDecompressionFailure		= SSL_ERROR_BASE - SSL_ALERT_BASE - 30;

   146 /** With given the options available, the sender was unable to negotiate an acceptable 

   147 * set of security parameters . */

   148 const TInt KErrSSLAlertHandshakeFailure			= SSL_ERROR_BASE - SSL_ALERT_BASE - 40;

   149 /** No certificate. */

   150 const TInt KErrSSLAlertNoCertificate			= SSL_ERROR_BASE - SSL_ALERT_BASE - 41;

   151 /** A certificate was corrupt, e.g. contained signatures that could not be verified. */

   152 const TInt KErrSSLAlertBadCertificate			= SSL_ERROR_BASE - SSL_ALERT_BASE - 42;

   153 /** The certificate was of an unsupported type. */

   154 const TInt KErrSSLAlertUnsupportedCertificate	= SSL_ERROR_BASE - SSL_ALERT_BASE - 43;

   155 /** The certificate was revoked. */

   156 const TInt KErrSSLAlertCertificateRevoked		= SSL_ERROR_BASE - SSL_ALERT_BASE - 44;

   157 /** The certificate was expired. */

   158 const TInt KErrSSLAlertCertificateExpired		= SSL_ERROR_BASE - SSL_ALERT_BASE - 45;

   159 /** An unspecified problem with the certificate. Certificate can not be used. */

   160 const TInt KErrSSLAlertCertificateUnknown		= SSL_ERROR_BASE - SSL_ALERT_BASE - 46;

   161 /** A field in the handshake was out of range or inconsistent with other fields. */

   162 const TInt KErrSSLAlertIllegalParameter			= SSL_ERROR_BASE - SSL_ALERT_BASE - 47;

   163 

   164 /** The certificate was not accepted.

   165 * 

   166 * Either the CA certificate could not be located 

   167 * or the CA could not be matched with a known trusted CA. */

   168 const TInt KErrSSLAlertUnknownCA				= SSL_ERROR_BASE - SSL_ALERT_BASE - 48;

   169 /** A valid certificate was received, but the access control denied access. */

   170 const TInt KErrSSLAlertAccessDenied				= SSL_ERROR_BASE - SSL_ALERT_BASE - 49;

   171 /** A message could not be decoded, e.g. some field was out of the specified range. */

   172 const TInt KErrSSLAlertDecodeError				= SSL_ERROR_BASE - SSL_ALERT_BASE - 50;

   173 /** A handshake cryptographic operation failed. */

   174 const TInt KErrSSLAlertDecryptError				= SSL_ERROR_BASE - SSL_ALERT_BASE - 51;

   175 /** A negotiation was not allowed due to export restrictions. */

   176 const TInt KErrSSLAlertExportRestriction		= SSL_ERROR_BASE - SSL_ALERT_BASE - 60;

   177 /** The protocol version was not supported, e.g. the client has attempted to negotiate 

   178 * a recognised, but unsupported protocol. */

   179 const TInt KErrSSLAlertProtocolVersion			= SSL_ERROR_BASE - SSL_ALERT_BASE - 70;

   180 /** Returned instead of KErrSSLAlertHandshakeFailure when the negotiation fails 

   181 * because the server requests ciphers more secure than those supported by the client. */

   182 const TInt KErrSSLAlertInsufficientSecurity		= SSL_ERROR_BASE - SSL_ALERT_BASE - 71;

   183 /** An internal error. */

   184 const TInt KErrSSLAlertInternalError			= SSL_ERROR_BASE - SSL_ALERT_BASE - 80;

   185 /** This handshake is being cancelled by the user. */

   186 const TInt KErrSSLAlertUserCanceled				= SSL_ERROR_BASE - SSL_ALERT_BASE - 90;

   187 /** No renegotiation will be accepted. */

   188 const TInt KErrSSLAlertNoRenegotiation			= SSL_ERROR_BASE - SSL_ALERT_BASE - 100;

   189 

   190 

   191 #endif // __SSLERR_H__