The following constants are used in the nError parameter of the LDicomNet::OnVerify callback to indicate success or error during the certificate exchange/verification phase of TLS DICOM Security negotiation.
Name | Value | Meaning | |
---|---|---|---|
L_X509_V_OK | 0 | Operation was successful | |
L_X509_V_ERR_UNSPECIFIED | 1 | Unspecified error. | |
L_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT | 2 | Issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. | |
L_X509_V_ERR_UNABLE_TO_GET_CRL | 3 | Certificate revocation list (CRL) of a certificate could not be found. | |
L_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE | 4 | Certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys. | |
L_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE | 5 | Certificate revocation list (CRL) signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. | |
L_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY | 6 | Public key in the certificate SubjectPublicKeyInfo could not be read. | |
L_X509_V_ERR_CERT_SIGNATURE_FAILURE | 7 | Signature of the certificate is invalid. | |
L_X509_V_ERR_CRL_SIGNATURE_FAILURE | 8 | Signature of the certificate is invalid. | |
L_X509_V_ERR_CERT_NOT_YET_VALID | 9 | Certificate is not yet valid: the notBefore date is after the current time. | |
L_X509_V_ERR_CERT_HAS_EXPIRED | 10 | Certificate has expired: that is the notAfter date is before the current time. | |
L_X509_V_ERR_CRL_NOT_YET_VALID | 11 | Certificate revocation list (CRL) is not yet valid. | |
L_X509_V_ERR_CRL_HAS_EXPIRED | 12 | Certificate revocation list (CRL) has expired | |
L_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD | 13 | Certificate notBefore field contains an invalid time. | |
L_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD | 14 | Certificate notAfter field contains an invalid time. | |
L_X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD | 15 | CRL lastUpdate field contains an invalid time. | |
L_X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD | 16 | CRL nextUpdate field contains an invalid time. | |
L_X509_V_ERR_OUT_OF_MEM | 17 | An error occurred trying to allocate memory. | |
L_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT | 18 | Passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates. | |
L_X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN | 19 | Certificate chain could be built up using the untrusted certificates but the root could not be found locally. | |
L_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 20 | Issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete. | |
L_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE | 21 | No signatures could be verified because the chain contains only one certificate and it is not self signed. | |
L_X509_V_ERR_CERT_CHAIN_TOO_LONG | 22 | Certificate chain length is greater than the supplied maximum depth. | |
L_X509_V_ERR_CERT_REVOKED | 23 | Certificate has been revoked. | |
L_X509_V_ERR_INVALID_CA | 24 | A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose. | |
L_X509_V_ERR_PATH_LENGTH_EXCEEDED | 25 | BasicConstraints pathlength parameter has been exceeded. | |
L_X509_V_ERR_INVALID_PURPOSE | 26 | Supplied certificate cannot be used for the specified purpose. | |
L_X509_V_ERR_CERT_UNTRUSTED | 27 | Root CA is not marked as trusted for the specified purpose. | |
L_X509_V_ERR_CERT_REJECTED | 28 | Root CA is marked to reject the specified purpose. | |
L_X509_V_ERR_SUBJECT_ISSUER_MISMATCH | 29 | Current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. | |
L_X509_V_ERR_AKID_SKID_MISMATCH | 30 | Current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. | |
L_X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH | 31 | Current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. | |
L_X509_V_ERR_KEYUSAGE_NO_CERTSIGN | 32 | Current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. | |
L_X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER | 33 | Unable to get CRL issuer certificate. | |
L_X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION | 34 | Un-handled critical extension. | |
L_X509_V_ERR_KEYUSAGE_NO_CRL_SIGN | 35 | Key usage does not include CRL signing. | |
L_X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION | 36 | Un-handled critical CRL extension | |
L_X509_V_ERR_INVALID_NON_CA | 37 | Invalid non-CA certificate has CA markings. | |
L_X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED | 38 | Proxy path length constraint exceeded. | |
L_X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 39 | Key usage does not include digital signature, and therefore cannot sign certificates. | |
L_X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED | 40 | Proxy certificates not allowed unless the -allow_proxy_certs option is used. | |
L_X509_V_ERR_INVALID_EXTENSION | 41 | A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. | |
L_X509_V_ERR_INVALID_POLICY_EXTENSION | 42 | A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. | |
L_X509_V_ERR_NO_EXPLICIT_POLICY | 43 | Verification flags were set to require and explicit policy but none was present. | |
L_X509_V_ERR_DIFFERENT_CRL_SCOPE | 44 | The only CRLs that could be found did not match the scope of the certificate. | |
L_X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE | 45 | Some feature of a certificate extension is not supported | |
L_X509_V_ERR_UNNESTED_RESOURCE | 46 | RFC 3779 resource not subset of parent's resources | |
L_X509_V_ERR_PERMITTED_VIOLATION | 47 | A name constraint violation occurred in the permitted subtrees. | |
L_X509_V_ERR_EXCLUDED_VIOLATION | 48 | A name constraint violation occurred in the excluded subtrees. | |
L_X509_V_ERR_SUBTREE_MINMAX | 49 | A certificate name constraints extension included a minimum or maximum field | |
L_X509_V_ERR_APPLICATION_VERIFICATION | 50 | An application specific error occurred. | |
L_X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE | 51 | An unsupported name constraint type was encountered. | |
L_X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX | 52 | Format of the name constraint is not recognized: for example an email address format of a form not mentioned in RFC3280. This could be caused by a garbage extension or some new feature not currently supported. | |
L_X509_V_ERR_UNSUPPORTED_NAME_SYNTAX | 53 | Unsupported or invalid name syntax. | |
L_X509_V_ERR_CRL_PATH_VALIDATION_ERROR | 54 | An error occurred when attempting to verify the CRL path. | |
L_X509_V_ERR_SUITE_B_INVALID_VERSION | 56 | Suite B: certificate version invalid. | |
L_X509_V_ERR_SUITE_B_INVALID_ALGORITHM | 57 | Suite B: invalid public key algorithm. | |
L_X509_V_ERR_SUITE_B_INVALID_CURVE | 58 | Suite B: invalid ECC curve. | |
L_X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM | 59 | Suite B: invalid signature algorithm. | |
L_X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED | 60 | Suite B: curve not allowed for this LOS. | |
L_X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 | 61 | Suite B: cannot sign P-384 with P-256. | |
L_X509_V_ERR_HOSTNAME_MISMATCH | 62 | Hostname mismatch. | |
L_X509_V_ERR_EMAIL_MISMATCH | 63 | Email address mismatch. | |
L_X509_V_ERR_IP_ADDRESS_MISMATCH | 64 | IP address mismatch. | |
L_X509_V_ERR_INVALID_CALL | 65 | Invalid certificate verification context. | |
L_X509_V_ERR_STORE_LOOKUP | 66 | Issuer certificate lookup error. | |
L_X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION | 67 | Proxy subject name violation. |