1 // Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
21 /** Base offset for SSL errors. */
22 #define SSL_ERROR_BASE -7400
23 /** Base offset for SSL alerts. */
24 #define SSL_ALERT_BASE 100
28 * Error code definitions for TLS.
32 * No shared cipher was found.
33 * The handshake failed because there was no available shared cipher supported by both the client and the server.
35 const TInt KErrSSLNoSharedCipher = SSL_ERROR_BASE - 1;
38 * The socket already has received data pending on it.
39 * This error is seen when StartClientHandshake is called when
40 * there is already data waiting to be read from the socket. */
41 const TInt KErrSSLSocketBusy = SSL_ERROR_BASE - 2;
43 /** One or more cipher suites passed as an argument was invalid. */
44 const TInt KErrSSLInvalidCipherSuite = SSL_ERROR_BASE - 3;
47 * The certificate that was passed as an argument was invalid.
48 * (this could be that actual certificate is not a valid certificate, or if
49 * certman handles are passed, it wasn't found in certman) */
50 const TInt KErrSSLInvalidCert = SSL_ERROR_BASE - 4;
52 /** No client certificate was supplied. */
53 const TInt KErrSSLNoClientCert = SSL_ERROR_BASE - 5;
55 /** The size of the key is too big. */
56 const TInt KErrSSLUnsupportedKeySize = SSL_ERROR_BASE - 6;
58 /** General unsupported key error */
59 const TInt KErrSSLUnsupportedKey = SSL_ERROR_BASE - 7;
61 /** An invalid record was received. */
62 const TInt KErrSSLBadRecordHeader = SSL_ERROR_BASE - 8;
65 // Handshake related errors
67 /** Invalid protocol version. */
68 const TInt KErrSSLBadProtocolVersion = SSL_ERROR_BASE - 9;
70 /** The server only supports the SSL2.0 protocol. */
71 const TInt KErrSSL2ServerOnly = SSL_ERROR_BASE - 10;
73 /** Unexpected message. */
74 const TInt KErrSSLUnexpectedMessage = SSL_ERROR_BASE - 11;
76 /** Unsupported cipher. */
77 const TInt KErrSSLUnsupportedCipher = SSL_ERROR_BASE - 12;
80 const TInt KErrSSLBadMAC = SSL_ERROR_BASE - 13;
82 /** An SSL alert was received from the remote end, which caused the connection to be terminated. */
83 const TInt KErrSSLReceivedAlert = SSL_ERROR_BASE - 14;
86 /** An invalid handshake message was received. */
87 const TInt KErrSSLRecvNotSupportedHS = SSL_ERROR_BASE - 15;
89 /** A field in the handshake record being parsed was too big. */
90 const TInt KErrSSLHSRecordFieldTooBig = SSL_ERROR_BASE - 16;
92 /** Record header field too big. */
93 const TInt KErrSSLRecordHeaderTooBig = SSL_ERROR_BASE - 17;
95 /** Send data field too big. */
96 const TInt KErrSSLSendDataTooBig = SSL_ERROR_BASE - 18;
98 /** No certificate. */
99 const TInt KErrSSLNoCertificate = SSL_ERROR_BASE - 19;
102 const TInt KErrSSLInvalidHash = SSL_ERROR_BASE - 20;
104 /** Send cancelled. */
105 const TInt KErrSSLSendCanceled = SSL_ERROR_BASE - 21;
107 /** Receieve cancelled. */
108 const TInt KErrSSLRecvCanceled = SSL_ERROR_BASE - 22;
110 /** CancelHandshake was called during one of the handshake methods. */
111 const TInt KErrSSLHandshakeCanceled = SSL_ERROR_BASE - 23;
114 const TInt KErrSSLWriteFailed = SSL_ERROR_BASE - 24;
116 /** The SSL.dll couldn't be loaded by the adaptor. */
117 const TInt KErrSSLFailedToLoad = SSL_ERROR_BASE - 25;
119 /** An unspecified error was signaled from the SSL.dll to the adaptor. */
120 const TInt KErrSSLDisconnectIndication = SSL_ERROR_BASE - 26;
122 /** A leave occured in the SSL.dll. */
123 const TInt KErrSSLDllLeave = SSL_ERROR_BASE - 27;
125 /** A leave occured in the SSL.dll. */
126 const TInt KErrSSLNullTlsSession = SSL_ERROR_BASE - 28;
129 // These error codes are equivalent to the standard TLS protocol Alert message
130 // errors as defined in the TLS RFC. They include all those defined in SSL3.0
131 // The end number of each error is the same as per the RFC, so by using the
132 // SSL_ERROR_BASE and SSL_ALERT_BASE defines, errors codes can be constructed
133 // directly from the field within an alert message.
134 /** Close notification. */
135 const TInt KErrSSLAlertCloseNotify = SSL_ERROR_BASE - SSL_ALERT_BASE - 0;
136 /** An inappropriate message was received. */
137 const TInt KErrSSLAlertUnexpectedMessage = SSL_ERROR_BASE - SSL_ALERT_BASE - 10;
138 /** A record was received with an incorrect MAC. */
139 const TInt KErrSSLAlertBadRecordMac = SSL_ERROR_BASE - SSL_ALERT_BASE - 20;
140 /** A TLS cipher text was decrypted in an invalid way. */
141 const TInt KErrSSLAlertDecryptionFailed = SSL_ERROR_BASE - SSL_ALERT_BASE - 21;
142 /** A TLS cipher text record was received which was too long. */
143 const TInt KErrSSLAlertRecordOverflow = SSL_ERROR_BASE - SSL_ALERT_BASE - 22;
144 /** The decompression function received improper input. */
145 const TInt KErrSSLAlertDecompressionFailure = SSL_ERROR_BASE - SSL_ALERT_BASE - 30;
146 /** With given the options available, the sender was unable to negotiate an acceptable
147 * set of security parameters . */
148 const TInt KErrSSLAlertHandshakeFailure = SSL_ERROR_BASE - SSL_ALERT_BASE - 40;
149 /** No certificate. */
150 const TInt KErrSSLAlertNoCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 41;
151 /** A certificate was corrupt, e.g. contained signatures that could not be verified. */
152 const TInt KErrSSLAlertBadCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 42;
153 /** The certificate was of an unsupported type. */
154 const TInt KErrSSLAlertUnsupportedCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 43;
155 /** The certificate was revoked. */
156 const TInt KErrSSLAlertCertificateRevoked = SSL_ERROR_BASE - SSL_ALERT_BASE - 44;
157 /** The certificate was expired. */
158 const TInt KErrSSLAlertCertificateExpired = SSL_ERROR_BASE - SSL_ALERT_BASE - 45;
159 /** An unspecified problem with the certificate. Certificate can not be used. */
160 const TInt KErrSSLAlertCertificateUnknown = SSL_ERROR_BASE - SSL_ALERT_BASE - 46;
161 /** A field in the handshake was out of range or inconsistent with other fields. */
162 const TInt KErrSSLAlertIllegalParameter = SSL_ERROR_BASE - SSL_ALERT_BASE - 47;
164 /** The certificate was not accepted.
166 * Either the CA certificate could not be located
167 * or the CA could not be matched with a known trusted CA. */
168 const TInt KErrSSLAlertUnknownCA = SSL_ERROR_BASE - SSL_ALERT_BASE - 48;
169 /** A valid certificate was received, but the access control denied access. */
170 const TInt KErrSSLAlertAccessDenied = SSL_ERROR_BASE - SSL_ALERT_BASE - 49;
171 /** A message could not be decoded, e.g. some field was out of the specified range. */
172 const TInt KErrSSLAlertDecodeError = SSL_ERROR_BASE - SSL_ALERT_BASE - 50;
173 /** A handshake cryptographic operation failed. */
174 const TInt KErrSSLAlertDecryptError = SSL_ERROR_BASE - SSL_ALERT_BASE - 51;
175 /** A negotiation was not allowed due to export restrictions. */
176 const TInt KErrSSLAlertExportRestriction = SSL_ERROR_BASE - SSL_ALERT_BASE - 60;
177 /** The protocol version was not supported, e.g. the client has attempted to negotiate
178 * a recognised, but unsupported protocol. */
179 const TInt KErrSSLAlertProtocolVersion = SSL_ERROR_BASE - SSL_ALERT_BASE - 70;
180 /** Returned instead of KErrSSLAlertHandshakeFailure when the negotiation fails
181 * because the server requests ciphers more secure than those supported by the client. */
182 const TInt KErrSSLAlertInsufficientSecurity = SSL_ERROR_BASE - SSL_ALERT_BASE - 71;
183 /** An internal error. */
184 const TInt KErrSSLAlertInternalError = SSL_ERROR_BASE - SSL_ALERT_BASE - 80;
185 /** This handshake is being cancelled by the user. */
186 const TInt KErrSSLAlertUserCanceled = SSL_ERROR_BASE - SSL_ALERT_BASE - 90;
187 /** No renegotiation will be accepted. */
188 const TInt KErrSSLAlertNoRenegotiation = SSL_ERROR_BASE - SSL_ALERT_BASE - 100;
191 #endif // __SSLERR_H__