TLS DICOM Security Certificate Exchange/Verification Constants

The following constants are used in the nError parameter of the VERIFY callback to indicate success or error during the certificate exchange/verification phase of TLS DICOM Security negotiation.

Name Value Meaning
L_X509_V_OK 0 Operation was successful
L_X509_V_ERR_UNSPECIFIED 1 Unspecified error.
L_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 Issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.
L_X509_V_ERR_UNABLE_TO_GET_CRL 3 Certificate revocation list (CRL) of a certificate could not be found.
L_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 Certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys.
L_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 Certificate revocation list (CRL) signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value.
L_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 Public key in the certificate SubjectPublicKeyInfo could not be read.
L_X509_V_ERR_CERT_SIGNATURE_FAILURE 7 Signature of the certificate is invalid.
L_X509_V_ERR_CRL_SIGNATURE_FAILURE 8 Signature of the certificate is invalid.
L_X509_V_ERR_CERT_NOT_YET_VALID 9 Certificate is not yet valid: the notBefore date is after the current time.
L_X509_V_ERR_CERT_HAS_EXPIRED 10 Certificate has expired: that is the notAfter date is before the current time.
L_X509_V_ERR_CRL_NOT_YET_VALID 11 Certificate revocation list (CRL) is not yet valid.
L_X509_V_ERR_CRL_HAS_EXPIRED 12 Certificate revocation list (CRL) has expired
L_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 Certificate notBefore field contains an invalid time.
L_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 Certificate notAfter field contains an invalid time.
L_X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 CRL lastUpdate field contains an invalid time.
L_X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 CRL nextUpdate field contains an invalid time.
L_X509_V_ERR_OUT_OF_MEM 17 An error occurred trying to allocate memory.
L_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 Passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.
L_X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 Certificate chain could be built up using the untrusted certificates but the root could not be found locally.
L_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 Issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete.
L_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 No signatures could be verified because the chain contains only one certificate and it is not self signed.
L_X509_V_ERR_CERT_CHAIN_TOO_LONG 22 Certificate chain length is greater than the supplied maximum depth.
L_X509_V_ERR_CERT_REVOKED 23 Certificate has been revoked.
L_X509_V_ERR_INVALID_CA 24 A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.
L_X509_V_ERR_PATH_LENGTH_EXCEEDED 25 BasicConstraints pathlength parameter has been exceeded.
L_X509_V_ERR_INVALID_PURPOSE 26 Supplied certificate cannot be used for the specified purpose.
L_X509_V_ERR_CERT_UNTRUSTED 27 Root CA is not marked as trusted for the specified purpose.
L_X509_V_ERR_CERT_REJECTED 28 Root CA is marked to reject the specified purpose.
L_X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 Current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate.
L_X509_V_ERR_AKID_SKID_MISMATCH 30 Current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate.
L_X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 Current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate.
L_X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 Current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing.
L_X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 Unable to get CRL issuer certificate.
L_X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 Un-handled critical extension.
L_X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 Key usage does not include CRL signing.
L_X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 Un-handled critical CRL extension
L_X509_V_ERR_INVALID_NON_CA 37 Invalid non-CA certificate has CA markings.
L_X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 Proxy path length constraint exceeded.
L_X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 Key usage does not include digital signature, and therefore cannot sign certificates.
L_X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 Proxy certificates not allowed unless the -allow_proxy_certs option is used.
L_X509_V_ERR_INVALID_EXTENSION 41 A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions.
L_X509_V_ERR_INVALID_POLICY_EXTENSION 42 A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions.
L_X509_V_ERR_NO_EXPLICIT_POLICY 43 Verification flags were set to require and explicit policy but none was present.
L_X509_V_ERR_DIFFERENT_CRL_SCOPE 44 The only CRLs that could be found did not match the scope of the certificate.
L_X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 Some feature of a certificate extension is not supported
L_X509_V_ERR_UNNESTED_RESOURCE 46 RFC 3779 resource not subset of parent's resources
L_X509_V_ERR_PERMITTED_VIOLATION 47 A name constraint violation occurred in the permitted subtrees.
L_X509_V_ERR_EXCLUDED_VIOLATION 48 A name constraint violation occurred in the excluded subtrees.
L_X509_V_ERR_SUBTREE_MINMAX 49 A certificate name constraints extension included a minimum or maximum field
L_X509_V_ERR_APPLICATION_VERIFICATION 50 An application specific error occurred.
L_X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 An unsupported name constraint type was encountered.
L_X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 Format of the name constraint is not recognized: for example an email address format of a form not mentioned in RFC3280. This could be caused by a garbage extension or some new feature not currently supported.
L_X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 Unsupported or invalid name syntax.
L_X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 An error occurred when attempting to verify the CRL path.
L_X509_V_ERR_SUITE_B_INVALID_VERSION 56 Suite B: certificate version invalid.
L_X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 Suite B: invalid public key algorithm.
L_X509_V_ERR_SUITE_B_INVALID_CURVE 58 Suite B: invalid ECC curve.
L_X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 Suite B: invalid signature algorithm.
L_X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 Suite B: curve not allowed for this LOS.
L_X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 Suite B: cannot sign P-384 with P-256.
L_X509_V_ERR_HOSTNAME_MISMATCH 62 Hostname mismatch.
L_X509_V_ERR_EMAIL_MISMATCH 63 Email address mismatch.
L_X509_V_ERR_IP_ADDRESS_MISMATCH 64 IP address mismatch.
L_X509_V_ERR_INVALID_CALL 65 Invalid certificate verification context.
L_X509_V_ERR_STORE_LOOKUP 66 Issuer certificate lookup error.
L_X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 Proxy subject name violation.
Help Version 21.0.2021.7.2
Products | Support | Contact Us | Intellectual Property Notices
© 1991-2021 LEAD Technologies, Inc. All Rights Reserved.

LEADTOOLS DICOM C API Help
Products | Support | Contact Us | Intellectual Property Notices
© 1991-2021 LEAD Technologies, Inc. All Rights Reserved.