williamr@2: // Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). williamr@2: // All rights reserved. williamr@2: // This component and the accompanying materials are made available williamr@2: // under the terms of the License "Symbian Foundation License v1.0" to Symbian Foundation members and "Symbian Foundation End User License Agreement v1.0" to non-members williamr@2: // which accompanies this distribution, and is available williamr@2: // at the URL "http://www.symbianfoundation.org/legal/licencesv10.html". williamr@2: // williamr@2: // Initial Contributors: williamr@2: // Nokia Corporation - initial contribution. williamr@2: // williamr@2: // Contributors: williamr@2: // williamr@2: // Description: williamr@2: // williamr@2: williamr@2: williamr@2: williamr@2: #ifndef __SSLERR_H__ williamr@2: #define __SSLERR_H__ williamr@2: williamr@2: /** Base offset for SSL errors. */ williamr@2: #define SSL_ERROR_BASE -7400 williamr@2: /** Base offset for SSL alerts. */ williamr@2: #define SSL_ALERT_BASE 100 williamr@2: williamr@2: /** williamr@2: * @file SSLErr.h williamr@2: * Error code definitions for TLS. williamr@2: */ williamr@2: williamr@2: /** williamr@2: * No shared cipher was found. williamr@2: * The handshake failed because there was no available shared cipher supported by both the client and the server. williamr@2: */ williamr@2: const TInt KErrSSLNoSharedCipher = SSL_ERROR_BASE - 1; williamr@2: williamr@2: /** williamr@2: * The socket already has received data pending on it. williamr@2: * This error is seen when StartClientHandshake is called when williamr@2: * there is already data waiting to be read from the socket. */ williamr@2: const TInt KErrSSLSocketBusy = SSL_ERROR_BASE - 2; williamr@2: williamr@2: /** One or more cipher suites passed as an argument was invalid. */ williamr@2: const TInt KErrSSLInvalidCipherSuite = SSL_ERROR_BASE - 3; williamr@2: williamr@2: /** williamr@2: * The certificate that was passed as an argument was invalid. williamr@2: * (this could be that actual certificate is not a valid certificate, or if williamr@2: * certman handles are passed, it wasn't found in certman) */ williamr@2: const TInt KErrSSLInvalidCert = SSL_ERROR_BASE - 4; williamr@2: williamr@2: /** No client certificate was supplied. */ williamr@2: const TInt KErrSSLNoClientCert = SSL_ERROR_BASE - 5; williamr@2: williamr@2: /** The size of the key is too big. */ williamr@2: const TInt KErrSSLUnsupportedKeySize = SSL_ERROR_BASE - 6; williamr@2: williamr@2: /** General unsupported key error */ williamr@2: const TInt KErrSSLUnsupportedKey = SSL_ERROR_BASE - 7; williamr@2: williamr@2: /** An invalid record was received. */ williamr@2: const TInt KErrSSLBadRecordHeader = SSL_ERROR_BASE - 8; williamr@2: williamr@2: ///////////////////////////////////////////////////// williamr@2: // Handshake related errors williamr@2: williamr@2: /** Invalid protocol version. */ williamr@2: const TInt KErrSSLBadProtocolVersion = SSL_ERROR_BASE - 9; williamr@2: williamr@2: /** The server only supports the SSL2.0 protocol. */ williamr@2: const TInt KErrSSL2ServerOnly = SSL_ERROR_BASE - 10; williamr@2: williamr@2: /** Unexpected message. */ williamr@2: const TInt KErrSSLUnexpectedMessage = SSL_ERROR_BASE - 11; williamr@2: williamr@2: /** Unsupported cipher. */ williamr@2: const TInt KErrSSLUnsupportedCipher = SSL_ERROR_BASE - 12; williamr@2: williamr@2: /** Bad MAC. */ williamr@2: const TInt KErrSSLBadMAC = SSL_ERROR_BASE - 13; williamr@2: williamr@2: /** An SSL alert was received from the remote end, which caused the connection to be terminated. */ williamr@2: const TInt KErrSSLReceivedAlert = SSL_ERROR_BASE - 14; williamr@2: williamr@2: williamr@2: /** An invalid handshake message was received. */ williamr@2: const TInt KErrSSLRecvNotSupportedHS = SSL_ERROR_BASE - 15; williamr@2: williamr@2: /** A field in the handshake record being parsed was too big. */ williamr@2: const TInt KErrSSLHSRecordFieldTooBig = SSL_ERROR_BASE - 16; williamr@2: williamr@2: /** Record header field too big. */ williamr@2: const TInt KErrSSLRecordHeaderTooBig = SSL_ERROR_BASE - 17; williamr@2: williamr@2: /** Send data field too big. */ williamr@2: const TInt KErrSSLSendDataTooBig = SSL_ERROR_BASE - 18; williamr@2: williamr@2: /** No certificate. */ williamr@2: const TInt KErrSSLNoCertificate = SSL_ERROR_BASE - 19; williamr@2: williamr@2: /** Invalid hash. */ williamr@2: const TInt KErrSSLInvalidHash = SSL_ERROR_BASE - 20; williamr@2: williamr@2: /** Send cancelled. */ williamr@2: const TInt KErrSSLSendCanceled = SSL_ERROR_BASE - 21; williamr@2: williamr@2: /** Receieve cancelled. */ williamr@2: const TInt KErrSSLRecvCanceled = SSL_ERROR_BASE - 22; williamr@2: williamr@2: /** CancelHandshake was called during one of the handshake methods. */ williamr@2: const TInt KErrSSLHandshakeCanceled = SSL_ERROR_BASE - 23; williamr@2: williamr@2: /** Write failed. */ williamr@2: const TInt KErrSSLWriteFailed = SSL_ERROR_BASE - 24; williamr@2: williamr@2: /** The SSL.dll couldn't be loaded by the adaptor. */ williamr@2: const TInt KErrSSLFailedToLoad = SSL_ERROR_BASE - 25; williamr@2: williamr@2: /** An unspecified error was signaled from the SSL.dll to the adaptor. */ williamr@2: const TInt KErrSSLDisconnectIndication = SSL_ERROR_BASE - 26; williamr@2: williamr@2: /** A leave occured in the SSL.dll. */ williamr@2: const TInt KErrSSLDllLeave = SSL_ERROR_BASE - 27; williamr@2: williamr@2: /** A leave occured in the SSL.dll. */ williamr@2: const TInt KErrSSLNullTlsSession = SSL_ERROR_BASE - 28; williamr@2: williamr@2: ///////////////////////////////////////////////////// williamr@2: // These error codes are equivalent to the standard TLS protocol Alert message williamr@2: // errors as defined in the TLS RFC. They include all those defined in SSL3.0 williamr@2: // The end number of each error is the same as per the RFC, so by using the williamr@2: // SSL_ERROR_BASE and SSL_ALERT_BASE defines, errors codes can be constructed williamr@2: // directly from the field within an alert message. williamr@2: /** Close notification. */ williamr@2: const TInt KErrSSLAlertCloseNotify = SSL_ERROR_BASE - SSL_ALERT_BASE - 0; williamr@2: /** An inappropriate message was received. */ williamr@2: const TInt KErrSSLAlertUnexpectedMessage = SSL_ERROR_BASE - SSL_ALERT_BASE - 10; williamr@2: /** A record was received with an incorrect MAC. */ williamr@2: const TInt KErrSSLAlertBadRecordMac = SSL_ERROR_BASE - SSL_ALERT_BASE - 20; williamr@2: /** A TLS cipher text was decrypted in an invalid way. */ williamr@2: const TInt KErrSSLAlertDecryptionFailed = SSL_ERROR_BASE - SSL_ALERT_BASE - 21; williamr@2: /** A TLS cipher text record was received which was too long. */ williamr@2: const TInt KErrSSLAlertRecordOverflow = SSL_ERROR_BASE - SSL_ALERT_BASE - 22; williamr@2: /** The decompression function received improper input. */ williamr@2: const TInt KErrSSLAlertDecompressionFailure = SSL_ERROR_BASE - SSL_ALERT_BASE - 30; williamr@2: /** With given the options available, the sender was unable to negotiate an acceptable williamr@2: * set of security parameters . */ williamr@2: const TInt KErrSSLAlertHandshakeFailure = SSL_ERROR_BASE - SSL_ALERT_BASE - 40; williamr@2: /** No certificate. */ williamr@2: const TInt KErrSSLAlertNoCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 41; williamr@2: /** A certificate was corrupt, e.g. contained signatures that could not be verified. */ williamr@2: const TInt KErrSSLAlertBadCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 42; williamr@2: /** The certificate was of an unsupported type. */ williamr@2: const TInt KErrSSLAlertUnsupportedCertificate = SSL_ERROR_BASE - SSL_ALERT_BASE - 43; williamr@2: /** The certificate was revoked. */ williamr@2: const TInt KErrSSLAlertCertificateRevoked = SSL_ERROR_BASE - SSL_ALERT_BASE - 44; williamr@2: /** The certificate was expired. */ williamr@2: const TInt KErrSSLAlertCertificateExpired = SSL_ERROR_BASE - SSL_ALERT_BASE - 45; williamr@2: /** An unspecified problem with the certificate. Certificate can not be used. */ williamr@2: const TInt KErrSSLAlertCertificateUnknown = SSL_ERROR_BASE - SSL_ALERT_BASE - 46; williamr@2: /** A field in the handshake was out of range or inconsistent with other fields. */ williamr@2: const TInt KErrSSLAlertIllegalParameter = SSL_ERROR_BASE - SSL_ALERT_BASE - 47; williamr@2: williamr@2: /** The certificate was not accepted. williamr@2: * williamr@2: * Either the CA certificate could not be located williamr@2: * or the CA could not be matched with a known trusted CA. */ williamr@2: const TInt KErrSSLAlertUnknownCA = SSL_ERROR_BASE - SSL_ALERT_BASE - 48; williamr@2: /** A valid certificate was received, but the access control denied access. */ williamr@2: const TInt KErrSSLAlertAccessDenied = SSL_ERROR_BASE - SSL_ALERT_BASE - 49; williamr@2: /** A message could not be decoded, e.g. some field was out of the specified range. */ williamr@2: const TInt KErrSSLAlertDecodeError = SSL_ERROR_BASE - SSL_ALERT_BASE - 50; williamr@2: /** A handshake cryptographic operation failed. */ williamr@2: const TInt KErrSSLAlertDecryptError = SSL_ERROR_BASE - SSL_ALERT_BASE - 51; williamr@2: /** A negotiation was not allowed due to export restrictions. */ williamr@2: const TInt KErrSSLAlertExportRestriction = SSL_ERROR_BASE - SSL_ALERT_BASE - 60; williamr@2: /** The protocol version was not supported, e.g. the client has attempted to negotiate williamr@2: * a recognised, but unsupported protocol. */ williamr@2: const TInt KErrSSLAlertProtocolVersion = SSL_ERROR_BASE - SSL_ALERT_BASE - 70; williamr@2: /** Returned instead of KErrSSLAlertHandshakeFailure when the negotiation fails williamr@2: * because the server requests ciphers more secure than those supported by the client. */ williamr@2: const TInt KErrSSLAlertInsufficientSecurity = SSL_ERROR_BASE - SSL_ALERT_BASE - 71; williamr@2: /** An internal error. */ williamr@2: const TInt KErrSSLAlertInternalError = SSL_ERROR_BASE - SSL_ALERT_BASE - 80; williamr@2: /** This handshake is being cancelled by the user. */ williamr@2: const TInt KErrSSLAlertUserCanceled = SSL_ERROR_BASE - SSL_ALERT_BASE - 90; williamr@2: /** No renegotiation will be accepted. */ williamr@2: const TInt KErrSSLAlertNoRenegotiation = SSL_ERROR_BASE - SSL_ALERT_BASE - 100; williamr@2: williamr@2: williamr@2: #endif // __SSLERR_H__