X509 证书的错误码
由于 OpenSSL 报告的证书错误,多个功能可能会失败。
在这种情况下,该函数通过其回调提供 <Error>,该回调具有属性 code
,该属性可以采用以下值之一:
'UNABLE_TO_GET_ISSUER_CERT'
: 无法获得颁发者证书。'UNABLE_TO_GET_CRL'
: 无法获得证书 CRL。'UNABLE_TO_DECRYPT_CERT_SIGNATURE'
: 无法解密证书的签名。'UNABLE_TO_DECRYPT_CRL_SIGNATURE'
: 无法解密 CRL 的签名。'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY'
: 无法解码发行者公钥。'CERT_SIGNATURE_FAILURE'
: 证书签名失败。'CRL_SIGNATURE_FAILURE'
: CRL 签名失败。'CERT_NOT_YET_VALID'
: 证书尚未生效。'CERT_HAS_EXPIRED'
: 证书已过期。'CRL_NOT_YET_VALID'
: CRL 尚未生效。'CRL_HAS_EXPIRED'
: CRL 已过期。'ERROR_IN_CERT_NOT_BEFORE_FIELD'
: 证书的 notBefore 字段中的格式错误。'ERROR_IN_CERT_NOT_AFTER_FIELD'
: 证书的 notAfter 字段中的格式错误。'ERROR_IN_CRL_LAST_UPDATE_FIELD'
: CRL 的 lastUpdate 字段中的格式错误。'ERROR_IN_CRL_NEXT_UPDATE_FIELD'
: CRL 的 nextUpdate 字段中的格式错误。'OUT_OF_MEM'
: 内存不足。'DEPTH_ZERO_SELF_SIGNED_CERT'
: 自签名证书。'SELF_SIGNED_CERT_IN_CHAIN'
: 证书链中的自签名证书。'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
: 无法获得本地颁发者证书。'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
: 无法验证第一个证书。'CERT_CHAIN_TOO_LONG'
: 证书链太长。'CERT_REVOKED'
: 证书已撤销。'INVALID_CA'
: 无效的 CA 证书。'PATH_LENGTH_EXCEEDED'
: 超出路径长度限制。'INVALID_PURPOSE'
: 不支持的证书用途。'CERT_UNTRUSTED'
: 证书不受信任。'CERT_REJECTED'
: 证书被拒绝。'HOSTNAME_MISMATCH'
: 主机名不匹配。
Multiple functions can fail due to certificate errors that are reported by
OpenSSL. In such a case, the function provides an <Error> via its callback that
has the property code
which can take one of the following values:
'UNABLE_TO_GET_ISSUER_CERT'
: Unable to get issuer certificate.'UNABLE_TO_GET_CRL'
: Unable to get certificate CRL.'UNABLE_TO_DECRYPT_CERT_SIGNATURE'
: Unable to decrypt certificate's signature.'UNABLE_TO_DECRYPT_CRL_SIGNATURE'
: Unable to decrypt CRL's signature.'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY'
: Unable to decode issuer public key.'CERT_SIGNATURE_FAILURE'
: Certificate signature failure.'CRL_SIGNATURE_FAILURE'
: CRL signature failure.'CERT_NOT_YET_VALID'
: Certificate is not yet valid.'CERT_HAS_EXPIRED'
: Certificate has expired.'CRL_NOT_YET_VALID'
: CRL is not yet valid.'CRL_HAS_EXPIRED'
: CRL has expired.'ERROR_IN_CERT_NOT_BEFORE_FIELD'
: Format error in certificate's notBefore field.'ERROR_IN_CERT_NOT_AFTER_FIELD'
: Format error in certificate's notAfter field.'ERROR_IN_CRL_LAST_UPDATE_FIELD'
: Format error in CRL's lastUpdate field.'ERROR_IN_CRL_NEXT_UPDATE_FIELD'
: Format error in CRL's nextUpdate field.'OUT_OF_MEM'
: Out of memory.'DEPTH_ZERO_SELF_SIGNED_CERT'
: Self signed certificate.'SELF_SIGNED_CERT_IN_CHAIN'
: Self signed certificate in certificate chain.'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
: Unable to get local issuer certificate.'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
: Unable to verify the first certificate.'CERT_CHAIN_TOO_LONG'
: Certificate chain too long.'CERT_REVOKED'
: Certificate revoked.'INVALID_CA'
: Invalid CA certificate.'PATH_LENGTH_EXCEEDED'
: Path length constraint exceeded.'INVALID_PURPOSE'
: Unsupported certificate purpose.'CERT_UNTRUSTED'
: Certificate not trusted.'CERT_REJECTED'
: Certificate rejected.'HOSTNAME_MISMATCH'
: Hostname mismatch.