Constant
Value
Description
SEC_ERROR_IO
-8192
An I/O error occurred during
authentication; or
an error occurred during
crypto operation (other than
signature verification).
SEC_ERROR_LIBRARY_FAILURE
-8191
Security library failure.
SEC_ERROR_BAD_DATA
-8190
Security library: received bad
data.
SEC_ERROR_OUTPUT_LEN
-8189
Security library: output
length error.
SEC_ERROR_INPUT_LEN
-8188
Security library: input length
error.
SEC_ERROR_INVALID_ARGS
-8187
Security library: invalid
arguments.
SEC_ERROR_INVALID_ALGORITHM
-8186
Security library: invalid
algorithm.
SEC_ERROR_INVALID_AVA
-8185
Security library: invalid AVA.
SEC_ERROR_INVALID_TIME
-8184
Security library: invalid
time.
SEC_ERROR_BAD_DER
-8183
Security library: improperly
formatted DER-encoded message.
SEC_ERROR_BAD_SIGNATURE
-8182
Peer’s certificate has an
invalid signature.
SEC_ERROR_EXPIRED_CERTIFICATE
-8181
Peer’s certificate has
expired.
SEC_ERROR_REVOKED_CERTIFICATE
-8180
Peer’s certificate has been
revoked.
SEC_ERROR_UNKNOWN_ISSUER
-8179
Peer’s certificate issuer is
not recognized.
SEC_ERROR_BAD_KEY
-8178
Peer’s public key is invalid
SEC_ERROR_BAD_PASSWORD
-8177
The password entered is
incorrect.
SEC_ERROR_RETRY_PASSWORD
-8176
New password entered
incorrectly.
SEC_ERROR_NO_NODELOCK
-8175
Security library: no nodelock.
SEC_ERROR_BAD_DATABASE
-8174
Security library: bad
database.
SEC_ERROR_NO_MEMORY
-8173
Security library: memory
allocation failure.
SEC_ERROR_UNTRUSTED_ISSUER
-8172
Peer’s certificate issuer has
been marked as not trusted by
the user.
SEC_ERROR_UNTRUSTED_CERT
-8171
Peer’s certificate has been
marked as not trusted by the
user.
SEC_ERROR_DUPLICATE_CERT
-8170
Certificate already exists in
your database.
SEC_ERROR_DUPLICATE_CERT_NAME
-8169
Downloaded certificate’s name
duplicates one already in your
database.
SEC_ERROR_ADDING_CERT
-8168
Error adding certificate to
database.
SEC_ERROR_FILING_KEY
-8167
Error refiling the key for
this certificate.
SEC_ERROR_NO_KEY
-8166
The private key for this
certificate cannot be found in
key database.
SEC_ERROR_CERT_VALID
-8165
This certificate is valid.
SEC_ERROR_CERT_NOT_VALID
-8164
This certificate is not valid.
SEC_ERROR_CERT_NO_RESPONSE
-8163
Certificate library: no
response.
SEC_ER
ROR_EXPIRED_ISSUER_CERTIFICATE
-8162
The certificate issuer’s
certificate has expired.
SEC_ERROR_CRL_EXPIRED
-8161
The CRL for the certificate’s
issuer has expired.
SEC_ERROR_CRL_BAD_SIGNATURE
-8160
The CRL for the certificate’s
issuer has an invalid
signature.
SEC_ERROR_CRL_INVALID
-8159
New CRL has an invalid format.
SEC
_ERROR_EXTENSION_VALUE_INVALID
-8158
Certificate extension value is
invalid.
SEC_ERROR_EXTENSION_NOT_FOUND
-8157
Certificate extension not
found.
SEC_ERROR_CA_CERT_INVALID
-8156
Issuer certificate is invalid.
SEC_ERR
OR_PATH_LEN_CONSTRAINT_INVALID
-8155
Certificate path length
constraint is invalid.
SEC_ERROR_CERT_USAGES_INVALID
-8154
Certificate usages field is
invalid.
SEC_INTERNAL_ONLY
-8153
Internal-only module.
SEC_ERROR_INVALID_KEY
-8152
The key does not support the
requested operation.
SEC_ER
ROR_UNKNOWN_CRITICAL_EXTENSION
-8151
Certificate contains unknown
critical extension.
SEC_ERROR_OLD_CRL
-8150
New CRL is not later than the
current one.
SEC_ERROR_NO_EMAIL_CERT
-8149
Not encrypted or signed: you
do not yet have an email
certificate.
SEC_
ERROR_NO_RECIPIENT_CERTS_QUERY
-8148
Not encrypted: you do not have
certificates for each of the
recipients.
SEC_ERROR_NOT_A_RECIPIENT
-8147
Cannot decrypt: you are not a
recipient, or matching
certificate and private key
not found.
S
EC_ERROR_PKCS7_KEYALG_MISMATCH
-8146
Cannot decrypt: key encryption
algorithm does not match your
certificate.
SEC_ERROR_PKCS7_BAD_SIGNATURE
-8145
Signature verification failed:
no signer found, too many
signers found,
or improper or corrupted data.
SEC_ERROR_UNSUPPORTED_KEYALG
-8144
Unsupported or unknown key
algorithm.
S
EC_ERROR_DECRYPTION_DISALLOWED
-8143
Cannot decrypt: encrypted
using a disallowed algorithm
or key size.
XP_SEC_FORTEZZA_BAD_CARD
-8142
FORTEZZA card has not been
properly initialized.
XP_SEC_FORTEZZA_NO_CARD
-8141
No FORTEZZA cards found.
XP_SEC_FORTEZZA_NONE_SELECTED
-8140
No FORTEZZA card selected.
XP_SEC_FORTEZZA_MORE_INFO
-8139
Please select a personality to
get more info on.
XP
_SEC_FORTEZZA_PERSON_NOT_FOUND
-8138
Personality not found
XP_SEC_FORTEZZA_NO_MORE_INFO
-8137
No more information on that
personality.
XP_SEC_FORTEZZA_BAD_PIN
-8136
Invalid PIN.
XP_SEC_FORTEZZA_PERSON_ERROR
-8135
Couldn’t initialize FORTEZZA
personalities.
SEC_ERROR_NO_KRL
-8134
No KRL for this site’s
certificate has been found.
SEC_ERROR_KRL_EXPIRED
-8133
The KRL for this site’s
certificate has expired.
SEC_ERROR_KRL_BAD_SIGNATURE
-8132
The KRL for this site’s
certificate has an invalid
signature.
SEC_ERROR_REVOKED_KEY
-8131
The key for this site’s
certificate has been revoked.
SEC_ERROR_KRL_INVALID
-8130
New KRL has an invalid format.
SEC_ERROR_NEED_RANDOM
-8129
Security library: need random
data.
SEC_ERROR_NO_MODULE
-8128
Security library: no security
module can perform the
requested operation.
SEC_ERROR_NO_TOKEN
-8127
The security card or token
does not exist, needs to be
initialized, or has been
removed.
SEC_ERROR_READ_ONLY
-8126
Security library: read-only
database.
SEC_ERROR_NO_SLOT_SELECTED
-8125
No slot or token was selected.
SEC
_ERROR_CERT_NICKNAME_COLLISION
-8124
A certificate with the same
nickname already exists.
SE
C_ERROR_KEY_NICKNAME_COLLISION
-8123
A key with the same nickname
already exists.
SEC_ERROR_SAFE_NOT_CREATED
-8122
Error while creating safe
object.
SEC_ERROR_BAGGAGE_NOT_CREATED
-8121
Error while creating baggage
object.
XP_JAVA_REMOVE_PRINCIPAL_ERROR
-8120
Couldn’t remove the principal.
XP_JAVA_DELETE_PRIVILEGE_ERROR
-8119
Couldn’t delete the privilege
XP_JAVA_CERT_NOT_EXISTS_ERROR
-8118
This principal doesn’t have a
certificate.
SEC_ERROR_BAD_EXPORT_ALGORITHM
-8117
Required algorithm is not
allowed.
SE
C_ERROR_EXPORTING_CERTIFICATES
-8116
Error attempting to export
certificates.
SE
C_ERROR_IMPORTING_CERTIFICATES
-8115
Error attempting to import
certificates.
SEC_ERROR_PKCS12_DECODING_PFX
-8114
Unable to import. Decoding
error. File not valid.
SEC_ERROR_PKCS12_INVALID_MAC
-8113
Unable to import. Invalid MAC.
Incorrect password or corrupt
file.
SEC_ERROR_PK
CS12_UNSUPPORTED_MAC_ALGORITHM
-8112
Unable to import. MAC
algorithm not supported.
SEC_ERROR_PKC
S12_UNSUPPORTED_TRANSPORT_MODE
-8111
Unable to import. Only
password integrity and privacy
modes supported.
SEC_ERROR
_PKCS12_CORRUPT_PFX_STRUCTURE
-8110
Unable to import. File
structure is corrupt.
SEC_ERROR_PK
CS12_UNSUPPORTED_PBE_ALGORITHM
-8109
Unable to import. Encryption
algorithm not supported.
SEC_ER
ROR_PKCS12_UNSUPPORTED_VERSION
-8108
Unable to import. File version
not supported.
SEC_ERROR_PKC
S12_PRIVACY_PASSWORD_INCORRECT
-8107
Unable to import. Incorrect
privacy password.
S
EC_ERROR_PKCS12_CERT_COLLISION
-8106
Unable to import. Same
nickname already exists in
database.
SEC_ERROR_USER_CANCELLED
-8105
The user clicked cancel.
S
EC_ERROR_PKCS12_DUPLICATE_DATA
-8104
Not imported, already in
database.
SEC_ERROR_MESSAGE_SEND_ABORTED
-8103
Message not sent.
SEC_ERROR_INADEQUATE_KEY_USAGE
-8102
Certificate key usage
inadequate for attempted
operation.
SEC_ERROR_INADEQUATE_CERT_TYPE
-8101
Certificate type not approved
for application.
SEC_ERROR_CERT_ADDR_MISMATCH
-8100
Address in signing certificate
does not match address in
message headers.
SEC_ERR
OR_PKCS12_UNABLE_TO_IMPORT_KEY
-8099
Unable to import. Error
attempting to import private
key.
SEC_ERR
OR_PKCS12_IMPORTING_CERT_CHAIN
-8098
Unable to import. Error
attempting to import
certificate chain.
SEC_ERROR_PKCS12_U
NABLE_TO_LOCATE_OBJECT_BY_NAME
-8097
Unable to export. Unable to
locate certificate or key by
nickname.
SEC_ERRO
R_PKCS12_UNABLE_TO_EXPORT_KEY
-8096
Unable to export. Private key
could not be located and
exported.
SE
C_ERROR_PKCS12_UNABLE_TO_WRITE
-8095
Unable to export. Unable to
write the export file.
S
EC_ERROR_PKCS12_UNABLE_TO_READ
-8094
Unable to import. Unable to
read the import file.
SEC_ERROR_PKCS1
2_KEY_DATABASE_NOT_INITIALIZED
-8093
Unable to export. Key database
corrupt or deleted.
SEC_ERROR_KEYGEN_FAIL
-8092
Unable to generate
public-private key pair.
SEC_ERROR_INVALID_PASSWORD
-8091
Password entered is invalid.
SEC_ERROR_RETRY_OLD_PASSWORD
-8090
Old password entered
incorrectly.
SEC_ERROR_BAD_NICKNAME
-8089
Certificate nickname already
in use.
SEC_ERROR_NOT_FORTEZZA_ISSUER
-8088
Peer FORTEZZA chain has a
non-FORTEZZA Certificate.
SEC_E
RROR_CANNOT_MOVE_SENSITIVE_KEY
-8087
“A sensitive key cannot be
moved to the slot where it is
needed.”
SE
C_ERROR_JS_INVALID_MODULE_NAME
-8086
Invalid module name.
SEC_ERROR_JS_INVALID_DLL
-8085
Invalid module path/filename.
SEC_ERROR_JS_ADD_MOD_FAILURE
-8084
Unable to add module.
SEC_ERROR_JS_DEL_MOD_FAILURE
-8083
Unable to delete module.
SEC_ERROR_OLD_KRL
-8082
New KRL is not later than the
current one.
SEC_ERROR_CKL_CONFLICT
-8081
New CKL has different issuer
than current CKL.
SE
C_ERROR_CERT_NOT_IN_NAME_SPACE
-8080
Certificate issuer is not
permitted to issue a
certificate with this name.
SEC_ERROR_KRL_NOT_YET_VALID
-8079
“The key revocation list for
this certificate is not yet
valid.”
SEC_ERROR_CRL_NOT_YET_VALID
-8078
“The certificate revocation
list for this certificate is
not yet valid.”
SEC_ERROR_UNKNOWN_CERT
-8077
“The requested certificate
could not be found.”
SEC_ERROR_UNKNOWN_SIGNER
-8076
“The signer’s certificate
could not be found.”
SEC_
ERROR_CERT_BAD_ACCESS_LOCATION
-8075
“The location for the
certificate status server has
invalid format.”
SEC_ER
ROR_OCSP_UNKNOWN_RESPONSE_TYPE
-8074
“The OCSP response cannot be
fully decoded; it is of an
unknown type.”
SE
C_ERROR_OCSP_BAD_HTTP_RESPONSE
-8073
“The OCSP server returned
unexpected/invalid HTTP data.”
SE
C_ERROR_OCSP_MALFORMED_REQUEST
-8072
“The OCSP server found the
request to be corrupted or
improperly formed.”
SEC_ERROR_OCSP_SERVER_ERROR
-8071
“The OCSP server experienced
an internal error.”
S
EC_ERROR_OCSP_TRY_SERVER_LATER
-8070
“The OCSP server suggests
trying again later.”
SE
C_ERROR_OCSP_REQUEST_NEEDS_SIG
-8069
“The OCSP server requires a
signature on this request.”
SEC_E
RROR_OCSP_UNAUTHORIZED_REQUEST
-8068
“The OCSP server has refused
this request as unauthorized.”
SEC_ERRO
R_OCSP_UNKNOWN_RESPONSE_STATUS
-8067
“The OCSP server returned an
unrecognizable status.”
SEC_ERROR_OCSP_UNKNOWN_CERT
-8066
“The OCSP server has no status
for the certificate.”
SEC_ERROR_OCSP_NOT_ENABLED
-8065
“You must enable OCSP before
performing this operation.”
SEC_E
RROR_OCSP_NO_DEFAULT_RESPONDER
-8064
“You must set the OCSP default
responder before performing
this operation.”
SEC
_ERROR_OCSP_MALFORMED_RESPONSE
-8063
“The response from the OCSP
server was corrupted or
improperly formed.”
SEC_ER
ROR_OCSP_UNAUTHORIZED_RESPONSE
-8062
“The signer of the OCSP
response is not authorized to
give status for this
certificate.”
SEC_ERROR_OCSP_FUTURE_RESPONSE
-8061
“The OCSP response is not yet
valid (contains a date in the
future).”
SEC_ERROR_OCSP_OLD_RESPONSE
-8060
“The OCSP response contains
out-of-date information.”
SEC_ERROR_DIGEST_NOT_FOUND
-8059
“The CMS or PKCS #7 Digest was
not found in signed message.”
SEC_
ERROR_UNSUPPORTED_MESSAGE_TYPE
-8058
“The CMS or PKCS #7 Message
type is unsupported.”
SEC_ERROR_MODULE_STUCK
-8057
“PKCS #11 module could not be
removed because it is still in
use.”
SEC_ERROR_BAD_TEMPLATE
-8056
“Could not decode ASN.1 data.
Specified template was
invalid.”
SEC_ERROR_CRL_NOT_FOUND
-8055
“No matching CRL was found.”
SEC_
ERROR_REUSED_ISSUER_AND_SERIAL
-8054
“You are attempting to import
a cert with the same
issuer/serial as an existing
cert, but that is not the same
cert.”
SEC_ERROR_BUSY
-8053
“NSS could not shutdown.
Objects are still in use.”
SEC_ERROR_EXTRA_INPUT
-8052
“DER-encoded message contained
extra unused data.”
SEC_ER
ROR_UNSUPPORTED_ELLIPTIC_CURVE
-8051
“Unsupported elliptic curve.”
SEC_E
RROR_UNSUPPORTED_EC_POINT_FORM
-8050
“Unsupported elliptic curve
point form.”
SEC_ERROR_UNRECOGNIZED_OID
-8049
“Unrecognized Object
IDentifier.”
SEC_E
RROR_OCSP_INVALID_SIGNING_CERT
-8048
“Invalid OCSP signing
certificate in OCSP response.”
SEC
_ERROR_REVOKED_CERTIFICATE_CRL
-8047
“Certificate is revoked in
issuer’s certificate
revocation list.”
SEC_
ERROR_REVOKED_CERTIFICATE_OCSP
-8046
“Issuer’s OCSP responder
reports certificate is
revoked.”
SEC_ERROR_CRL_INVALID_VERSION
-8045
“Issuer’s Certificate
Revocation List has an unknown
version number.”
SEC_E
RROR_CRL_V1_CRITICAL_EXTENSION
-8044
“Issuer’s V1 Certificate
Revocation List has a critical
extension.”
SEC_ERROR_
CRL_UNKNOWN_CRITICAL_EXTENSION
-8043
“Issuer’s V2 Certificate
Revocation List has an unknown
critical extension.”
SEC_ERROR_UNKNOWN_OBJECT_TYPE
-8042
“Unknown object type
specified.”
SEC_ERROR_INCOMPATIBLE_PKCS11
-8041
“PKCS #11 driver violates the
spec in an incompatible way.”
SEC_ERROR_NO_EVENT
-8040
“No new slot event is
available at this time.”
SEC_ERROR_CRL_ALREADY_EXISTS
-8039
“CRL already exists.”
SEC_ERROR_NOT_INITIALIZED
-8038
“NSS is not initialized.”
SEC_ERROR_TOKEN_NOT_LOGGED_IN
-8037
“The operation failed because
the PKCS#11 token is not
logged in.”
SEC_ERR
OR_OCSP_RESPONDER_CERT_INVALID
-8036
“The configured OCSP
responder’s certificate is
invalid.”
SEC_ERROR_OCSP_BAD_SIGNATURE
-8035
“OCSP response has an invalid
signature.”
SEC_ERROR_OUT_OF_SEARCH_LIMITS
-8034
“Certification validation
search is out of search
limits.”
SE
C_ERROR_INVALID_POLICY_MAPPING
-8033
“Policy mapping contains
any-policy.”
SEC_
ERROR_POLICY_VALIDATION_FAILED
-8032
“Certificate chain fails
policy validation.”
SEC_E
RROR_UNKNOWN_AIA_LOCATION_TYPE
-8031
“Unknown location type in
certificate AIA extension.”
SEC_ERROR_BAD_HTTP_RESPONSE
-8030
“Server returned a bad HTTP
response.”
SEC_ERROR_BAD_LDAP_RESPONSE
-8029
“Server returned a bad LDAP
response.”
S
EC_ERROR_FAILED_TO_ENCODE_DATA
-8028
“Failed to encode data with
ASN.1 encoder.”
SEC_
ERROR_BAD_INFO_ACCESS_LOCATION
-8027
“Bad information access
location in certificate
extension.”
SEC_ERROR_LIBPKIX_INTERNAL
-8026
“Libpkix internal error
occurred during cert
validation.”
SEC_ERROR_PKCS11_GENERAL_ERROR
-8025
“A PKCS #11 module returned
CKR_GENERAL_ERROR, indicating
that an unrecoverable error
has occurred.”
SE
C_ERROR_PKCS11_FUNCTION_FAILED
-8024
“A PKCS #11 module returned
CKR_FUNCTION_FAILED,
indicating that the requested
function could not be
performed. Trying the same
operation again might
succeed.”
SEC_ERROR_PKCS11_DEVICE_ERROR
-8023
“A PKCS #11 module returned
CKR_DEVICE_ERROR, indicating
that a problem has occurred
with the token or slot.”
SE
C_ERROR_BAD_INFO_ACCESS_METHOD
-8022
“Unknown information access
method in certificate
extension.”
SEC_ERROR_CRL_IMPORT_FAILED
-8021
“Error attempting to import a
CRL.”
SEC_ERROR_UNKNOWN_PKCS11_ERROR
-8018
“Unknown PKCS #11 error.”
(unknown error value mapping)
Содержание
- Как устранить ошибку при переходе на защищенный сайт?
- Причина 1: Сертификат не будет действителен до даты [дата]
- Причина 2: Сертификат истек [дата]
- Причина 3: к сертификату нет доверия, так как сертификат его издателя неизвестен
- Причина 4: к сертификату нет доверия, т.к. отсутствует цепочка сертификатов
- Как устранить ошибку при переходе на незащищенный сайт?
- Обход ошибки
- Видео-урок:
- Вопросы и ответы
И хотя Mozilla Firefox считается наиболее стабильным браузером, в процессе использования некоторые пользователи могут сталкиваться с различными ошибками. В данной статье пойдет речь об ошибке «Ошибка при установлении защищенного соединения», а именно о способах ее устранения.
Сообщение «Ошибка при установлении защищенного подключения» может появляться в двух случаях: когда вы переходите на защищенный сайт и, соответственно, при переходе на незащищенный сайт. Оба типа проблемы мы и рассмотрим ниже.
Как устранить ошибку при переходе на защищенный сайт?
В большинстве случаев пользователь сталкивается с ошибкой при установлении защищенного подключения при переходе на защищенный сайт.
О том, что сайт защищен, пользователю может говорить «https» в адресной строке перед названием самого сайта.
Если вы столкнулись с сообщением «Ошибка при установлении защищенного соединения», то под ним вы сможете увидеть разъяснение причины возникновения проблемы.
Причина 1: Сертификат не будет действителен до даты [дата]
При переходе на защищенный веб-сайт Mozilla Firefox в обязательном порядке проверяет у сайта наличие сертификатов, которые позволят быть уверенным в том, что ваши данные будут передаваться только туда, куда они были предназначены.
Как правило, подобного типа ошибка говорит о том, что на вашем компьютере установлены неправильные дата и время.
В данном случае вам потребуется изменить дату и время. Для этого щелкните в правом нижнем углу по иконке даты и в отобразившемся окне выберите пункт «Параметры даты и времени».
На экране отобразится окно, в котором рекомендуется активировать пункт «Установить время автоматически», тогда система самостоятельно установит верные дату и время.
Причина 2: Сертификат истек [дата]
Эта ошибка как также может говорить о неправильно установленном времени, так и может являться верным знаком того, что сайт все-таки вовремя не обновил свои сертификаты.
Если дата и время установлены на вашем компьютере, то, вероятно, проблема в сайте, и пока он не обновит сертификаты, доступ к сайту может быть получен только путем добавления в исключения, который описан ближе к концу статьи.
Причина 3: к сертификату нет доверия, так как сертификат его издателя неизвестен
Подобная ошибка может возникнуть в двух случаях: сайту действительно не стоит доверять, или же проблема заключается в файле cert8.db, расположенном в папке профиля Firefox, который был поврежден.
Если вы уверены в безопасности сайта, то, вероятно, проблема все же заключается в поврежденном файле. И чтобы решить проблему, потребуется, чтобы Mozilla Firefox создала новый такой файл, а значит, необходимо удалить старую версию.
Чтобы попасть в папку профиля, щелкните по кнопке меню Firefox и в отобразившемся окне щелкните по иконке со знаком вопроса.
В той же области окна отобразится дополнительное меню, в котором потребуется щелкнуть по пункту «Информация для решения проблем».
В открывшемся окне щелкните по кнопке «Показать папку».
После того, как на экране появится папка профиля, необходимо закрыть Mozilla Firefox. Для этого щелкните по кнопке меню браузера и в отобразившемся окне кликните по кнопке «Выход».
Теперь вернемся к папке профиля. Найдите в ней файл cert8.db, щелкните по нему правой кнопкой мыши и выберите пункт «Удалить».
Как только файл будет удален, можете закрыть папку профиля и снова запустить Firefox.
Причина 4: к сертификату нет доверия, т.к. отсутствует цепочка сертификатов
Подобная ошибка возникает, как привило, из-за антивирусов, в которых активирована функция SSL-сканирования. Перейдите в настройки антивируса и отключите функцию сетевого (SSL) сканирования.
Как устранить ошибку при переходе на незащищенный сайт?
Если сообщение «Ошибка при переходе на защищенное соединение» появляется, если вы переходите на незащищенный сайт, это может говорить о конфликте настроек, дополнений и тем.
Прежде всего, откройте меню браузера и перейдите к разделу «Дополнения». В левой области окна, открыв вкладку «Расширения», отключите максимальное количество расширений, установленных для вашего браузера.
Следом перейдите ко вкладке «Внешний вид» и удалите все сторонние темы, оставив и применив для Firefox стандартную.
После выполнения данных действий проверьте наличие ошибки. Если она осталась, попробуйте отключить аппаратное ускорение.
Для этого щелкните по кнопке меню браузера и перейдите к разделу «Настройки».
В левой области окна перейдите ко вкладке «Дополнительные», а в верхней откройте подвкладку «Общие». В данном окне вам потребуется снять галочку с пункта «По возможности использовать аппаратное ускорение».
Обход ошибки
Если вы так и не смогли устранить сообщение «Ошибка при установлении защищенного соединения», но при этом уверены в безопасности сайта, устранить проблему можно, обойдя настойчивое предупреждение Firefox.
Для этого в окне с ошибкой щелкните по кнопке «Или же вы можете добавить исключение», после чего кликните по появившейся кнопке «Добавить исключение».
На экране отобразится окно, в котором щелкните по кнопке «Получить сертификат», а затем кликните по кнопке «Подтвердить исключение безопасности».
Видео-урок:
Надеемся данная статья помогла вам устранить проблемы в работе Mozilla Firefox.
Содержание
- linux-notes.org
- Решение некоторых проблем с handshake (рукопожатием) SSL/TLS
- Ошибка «SSL_do_handshake errors с nginx или haproxy»
- Mozilla
- Chapter 8 NSS and SSL Error Codes
- SSL Error Codes
- SEC Error Codes
linux-notes.org
Handshake (рукопожатие) SSL/TLS состоит из того, что сервер и клиент идентифицируют друг друга и начинают общение через шифрованный SSL/TLS-туннель (который является безопасным).
Данный процесс и называется handshak-ом или рукопожатием из-за того, что они (сервер и клиент) видятся первый раз. Такой процесс, начинается с идентификации и заканчивается генерированием секретного ключа.
Что такое SSL/TLS-рукопожатие?
SSL handshake – это общение сервера и клиента между собой, где каждый хочет достичь одной и той же цели – безопасно общаться с помощью симметричного шифрования. При таком шифровании у двух сторон один ключ для шифрования и дешифрования сообщений. Такой ключ называется общим секретным – у всех пользователей, которые обмениваются данными, один и тот же ключ.
Принцип работы handshake (рукопожатие) SSL/TLS
Расмотрим диалог сервера и клиента:
Клиент: «Здравствуйте сервер! Я бы хотел установить безопасное соединение между нами. От себя, я отсылаю свои шифры и совместимую SSL/TLS версию».
Сервер: «Здравствуйте, клиент! Я проверил шифр который получил от тебя и SSL/TLS версию, которую ты используешь. Нет повода отсоединятся, так что — продолжаем…. От себя, я хотел бы отправить свой сертификат-файл и публичный ключ. Клиент, проверь их пожалуйста».
Клиент: » Такс, твой сертификат в порядке. Но мне необходимо, чекнуть твой закрытый ключ. Для этого, я сейчас сгенерирую и зашифрую общий секретный ключ с помощью твоего открытого ключа. Выполни расшифровку с помощью своего приватного ключика. Если все пройдет гладко, — ты в свою очередь, создашь главный секрет, который мы в дальнейшем, будем использовать для шифрования и расшифрования информации».
Сервер: «Понял! Все сделано».
С этого момента, когда сервер и клиент доверяют друг другу, то инфу которую они будут передавать между собой, будет зашифрована с помощью главного секрета (После проверок, информация будет зашифрована только через главный секретный ключ).
Клиент: «И так, для тестирования — я отправлю тестовое сообщение, дабы удостоверится, что созданный главный секрет корректно работает. Сервер, ты в свою очередь, когда получишь это тестовое сообщение — отправь мне расшифрованную версию этого сообщения. Если все получится, наши данные — в безопасности».
Сервер: «Да, все прочто отлично. Работает!».
Вот такое вот SSL/TLS-рукопожатие. С этого момента, когда сервер и клиент будут передавать файлы, они будут зашифрованы.
Решение некоторых проблем с handshake (рукопожатием) SSL/TLS
Ошибка «SSL_do_handshake errors с nginx или haproxy»
Если вы загружаете https трафик с haproxy в tcp-режиме, и вы выполняете это с помощью nginx, и вы получаете 502 ошибки, сопровождаемые этими ошибками SSL в журнале ошибок nginx:
То вам нужно отключить опцию proxy_ssl_session_reuse:
По умолчанию nginx пытается повторно использовать сеансы ssl для https upstream; но когда HAProxy циклично обрабатывает tcp-соединения между разными бэкендами, сеанс ssl не будет действителен с одного подключения tcp к другому.
Вот и все, статья «Принцип работы handshake (рукопожатие) SSL/TLS» завершена.
Источник
Mozilla
Chapter 8
NSS and SSL Error Codes
SSL Error Codes
Table 8.1 Error codes defined in sslerr.h
Received a malformed (too long or short or invalid content) SSL handshake:
All the error codes in the following block indicate that the local socket received an improperly formatted SSL3 handshake message from the remote peer. This probably indicates a flaw in the remote peer’s implementation.
Received a malformed (too long or short) SSL record:
All the error codes in the following block indicate that the local socket received an improperly formatted SSL3 record from the remote peer. This probably indicates a flaw in the remote peer’s implementation.
Received an SSL handshake that was inappropriate for the current state:
All the error codes in the following block indicate that the local socket received an SSL3 handshake message from the remote peer at a time when it was inappropriate for the peer to have sent this message. For example, a server received a message from another server. This probably indicates a flaw in the remote peer’s implementation.
Received an SSL record that was inappropriate for the current state:
All the error codes in the following block indicate that the local socket received an SSL3 record from the remote peer at a time when it was inappropriate for the peer to have sent this message. This probably indicates a flaw in the remote peer’s implementation.
Received record/message with unknown discriminant:
All the error codes in the following block indicate that the local socket received an SSL3 record or handshake message from the remote peer that it was unable to interpret because the byte that identifies the type of record or message contained an unrecognized value. This probably indicates a flaw in the remote peer’s implementation.
Received an alert report:
All the error codes in the following block indicate that the local socket received an SSL3 or TLS alert record from the remote peer, reporting some issue that it had with an SSL record or handshake message it received. (Some _Alert codes are listed in other blocks.)
Unspecified errors that occurred while attempting some operation:
All the error codes in the following block describe the operation that was being attempted at the time of the unspecified failure. These failures may be caused by the system running out of memory, or errors returned by PKCS#11 routines that did not provide meaningful error codes of their own. These should rarely be seen. (Certain of these error codes have more specific meanings, as described.)
Constant | Value | Description | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SSL_ERROR_EXPORT_ONLY_SERVER | -12288 | «Unable to communicate securely. Peer does not support high-grade encryption.»
The local system was configured to support the cipher suites permitted for domestic use. The remote system was configured to support only the cipher suites permitted for export use. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_US_ONLY_SERVER | -12287 | «Unable to communicate securely. Peer requires high-grade encryption which is not supported.»
The remote system was configured to support the cipher suites permitted for domestic use. The local system was configured to support only the cipher suites permitted for export use. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_NO_CYPHER_OVERLAP | -12286 | «Cannot communicate securely with peer: no common encryption algorithm(s).»
The local and remote systems share no cipher suites in common. This can be due to a misconfiguration at either end. It can be due to a server being misconfigured to use a non-RSA certificate with the RSA key exchange algorithm. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_NO_CERTIFICATE | -12285 | «Unable to find the certificate or key necessary for authentication.»
This error has many potential causes; for example: Certificate or key not found in database. Certificate not marked trusted in database and Certificate’s issuer not marked trusted in database. Wrong password for key database. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_CERTIFICATE | -12284 | «Unable to communicate securely with peer: peers’s certificate was rejected.»
A certificate was received from the remote system and was passed to the certificate authentication callback function provided by the local application. That callback function returned SECFailure, and the bad certificate callback function either was not configured or did not choose to override the error code returned by the certificate authentication callback function. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12283 | (unused) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_CLIENT | -12282 | «The server has encountered bad data from the client.»
This error code should occur only on sockets that are acting as servers. It is a generic error, used when none of the other more specific error codes defined in this file applies. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_SERVER | -12281 | «The client has encountered bad data from the server.»
This error code should occur only on sockets that are acting as clients. It is a generic error, used when none of the other more specific error codes defined in this file applies. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE | -12280 | «Unsupported certificate type.»
The operation encountered a certificate that was not one of the well known certificate types handled by the certificate library. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_UNSUPPORTED_VERSION | -12279 | «Peer using unsupported version of security protocol.»
On a client socket, this means the remote server has attempted to negotiate the use of a version of SSL that is not supported by the NSS library, probably an invalid version number. On a server socket, this means the remote client has requested the use of a version of SSL older than version 2. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12278 | (unused) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12277 | «Client authentication failed: private key in key database does not correspond to public key in certificate database.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_CERT_DOMAIN | -12276 | «Unable to communicate securely with peer: requested domain name does not match the server’s certificate.»
This error code should be returned by the certificate authentication callback function when it detects that the Common Name in the remote server’s certificate does not match the hostname sought by the local client, according to the matching rules specified for CERT_VerifyCertName. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12275 | (unused) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SSL2_DISABLED | -12274 | «Peer only supports SSL version 2, which is locally disabled.»
The remote server has asked to use SSL version 2, and SSL version 2 is disabled in the local client’s configuration. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_MAC_READ | -12273 | «SSL received a record with an incorrect Message Authentication Code.»
This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. If this occurs frequently on a server, an active attack (such as the «million question» attack) may be underway against the server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_MAC_ALERT | -12272 | «SSL peer reports incorrect Message Authentication Code.»
The remote system has reported that it received a message with a bad Message Authentication Code from the local system. This may indicate that an attack on that server is underway. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_CERT_ALERT | -12271 | «SSL peer cannot verify your certificate.»
The remote system has received a certificate from the local system, and has rejected it for some reason. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_REVOKED_CERT_ALERT | -12270 | «SSL peer rejected your certificate as revoked.»
The remote system has received a certificate from the local system, and has determined that the certificate has been revoked. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_EXPIRED_CERT_ALERT | -12269 | «SSL peer rejected your certificate as expired.»
The remote system has received a certificate from the local system, and has determined that the certificate has expired. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SSL_DISABLED | -12268 | «Cannot connect: SSL is disabled.»
The local socket is configured in such a way that it cannot use any of the SSL cipher suites. Possible causes include: (a) both SSL2 and SSL3 are disabled, (b) All the individual SSL cipher suites are disabled, or (c) the socket is configured to handshake as a server, but the certificate associated with that socket is inappropriate for the Key Exchange Algorithm selected. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_FORTEZZA_PQG | -12267 | «Cannot connect: SSL peer is in another FORTEZZA domain.»
The local system and the remote system are in different FORTEZZA domains. They must be in the same domain to communicate. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_UNKNOWN_CIPHER_SUITE | -12266 | «An unknown SSL cipher suite has been requested.»
The application has attempted to configure SSL to use an unknown cipher suite. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_NO_CIPHERS_SUPPORTED | -12265 | «No cipher suites are present and enabled in this program.»
Possible causes: (a) all cipher suites have been configured to be disabled, (b) the only cipher suites that are configured to be enabled are those that are disallowed by cipher export policy, (c) the socket is configured to handshake as a server, but the certificate associated with that socket is inappropriate for the Key Exchange Algorithm selected. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_BAD_BLOCK_PADDING | -12264 | «SSL received a record with bad block padding.»
SSL was using a Block cipher, and the last block in an SSL record had incorrect padding information in it. This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. If this occurs frequently on a server, an active attack (such as the «million question» attack) may be underway against the server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_RECORD_TOO_LONG | -12263 | «SSL received a record that exceeded the maximum permissible length.»
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_TX_RECORD_TOO_LONG | -12262 | «SSL attempted to send a record that exceeded the maximum permissible length.»
This error should never occur. If it does, it indicates a flaw in the NSS SSL library. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_CLOSE_NOTIFY_ALERT | -12230 | «SSL peer has closed this connection.»
The local socket received an SSL3 alert record from the remote peer, reporting that the remote peer has chosen to end the connection. The receipt of this alert is an error only if it occurs while a handshake is in progress. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED | -12210 | «SSL Server attempted to use domestic-grade public key with export cipher suite.»
On a client socket, this error reports that the remote server has failed to perform an «SSL Step down» for an export cipher. It has sent a certificate bearing a domestic-grade public key, but has not sent a ServerKeyExchange message containing an export-grade public key for the key exchange algorithm. Such a connection cannot be permitted without violating U.S. export policies. On a server socket, this indicates a failure of the local library. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_NO_SERVER_KEY_FOR_ALG | -12206 | «Server has no key for the attempted key exchange algorithm.»
An SSL client has requested an SSL cipher suite that uses a Key Exchange Algorithm for which the local server has no appropriate public key. This indicates a configuration error on the local server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_TOKEN_INSERTION_REMOVAL | -12205 | «PKCS #11 token was inserted or removed while operation was in progress.»
A cryptographic operation required to complete the handshake failed because the token that was performing it was removed while the handshake was underway. Another token may also have been inserted into the same slot. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_TOKEN_SLOT_NOT_FOUND | -12204 | «No PKCS#11 token could be found to do a required operation.»
A cryptographic operation required a PKCS#11 token with specific abilities, and no token could be found in any slot, including the «soft token» in the internal virtual slot, that could do the job. May indicate a server configuration error, such as having a certificate that is inappropriate for the Key Exchange Algorithm selected. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12203 | «Cannot communicate securely with peer: no common compression algorithm(s).» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12202 | «Cannot initiate another SSL handshake until current handshake is complete.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12201 | «Received incorrect handshakes hash values from peer.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12200 | «The certificate provided cannot be used with the selected key exchange algorithm.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12199 | «No certificate authority is trusted for SSL client authentication.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12198 | «Client’s SSL session ID not found in server’s session cache.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST | -12261 | «SSL received a malformed Hello Request handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO | -12260 | «SSL received a malformed Client Hello handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_SERVER_HELLO | -12259 | «SSL received a malformed Server Hello handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CERTIFICATE | -12258 | «SSL received a malformed Certificate handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH | -12257 | «SSL received a malformed Server Key Exchange handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CERT_REQUEST | -12256 | «SSL received a malformed Certificate Request handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_HELLO_DONE | -12255 | «SSL received a malformed Server Hello Done handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CERT_VERIFY | -12254 | «SSL received a malformed Certificate Verify handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH | -12253 | «SSL received a malformed Client Key Exchange handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_FINISHED | -12252 | «SSL received a malformed Finished handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER | -12251 | «SSL received a malformed Change Cipher Spec record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_ALERT | -12250 | «SSL received a malformed Alert record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_HANDSHAKE | -12249 | «SSL received a malformed Handshake record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA | -12248 | «SSL received a malformed Application Data record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST | -12247 | «SSL received an unexpected Hello Request handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO | -12246 | «SSL received an unexpected Client Hello handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO | -12245 | «SSL received an unexpected Server Hello handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE | -12244 | «SSL received an unexpected Certificate handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH | -12243 | «SSL received an unexpected Server Key Exchange handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST | -12242 | «SSL received an unexpected Certificate Request handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE | -12241 | «SSL received an unexpected Server Hello Done handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY | -12240 | «SSL received an unexpected Certificate Verify handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH | -12239 | «SSL received an unexpected Client Key Exchange handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_FINISHED | -12238 | «SSL received an unexpected Finished handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER | -12237 | «SSL received an unexpected Change Cipher Spec record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_ALERT | -12236 | «SSL received an unexpected Alert record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE | -12235 | «SSL received an unexpected Handshake record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA | -12234 | «SSL received an unexpected Application Data record.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE | -12233 | «SSL received a record with an unknown content type.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNKNOWN_HANDSHAKE | -12232 | «SSL received a handshake message with an unknown message type.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RX_UNKNOWN_ALERT | -12231 | «SSL received an alert record with an unknown alert description.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT | -12229 | «SSL peer was not expecting a handshake message it received.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT | -12228 | «SSL peer was unable to successfully decompress an SSL record it received.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_HANDSHAKE_FAILURE_ALERT | -12227 | «SSL peer was unable to negotiate an acceptable set of security parameters.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_ILLEGAL_PARAMETER_ALERT | -12226 | «SSL peer rejected a handshake message for unacceptable content.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_UNSUPPORTED_CERT_ALERT | -12225 | «SSL peer does not support certificates of the type it received.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT | -12224 | «SSL peer had some unspecified issue with the certificate it received.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_DECRYPTION_FAILED_ALERT | -12197 | «Peer was unable to decrypt an SSL record it received.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_RECORD_OVERFLOW_ALERT | -12196 | «Peer received an SSL record that was longer than is permitted.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_UNKNOWN_CA_ALERT | -12195 | «Peer does not recognize and trust the CA that issued your certificate.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_ACCESS_DENIED_ALERT | -12194 | «Peer received a valid certificate, but access was denied.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_DECODE_ERROR_ALERT | -12193 | «Peer could not decode an SSL handshake message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_DECRYPT_ERROR_ALERT | -12192 | «Peer reports failure of signature verification or key exchange.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_EXPORT_RESTRICTION_ALERT | -12191 | «Peer reports negotiation not in compliance with export regulations.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_PROTOCOL_VERSION_ALERT | -12190 | «Peer reports incompatible or unsupported protocol version.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT | -12189 | «Server requires ciphers more secure than those supported by client.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_INTERNAL_ERROR_ALERT | -12188 | «Peer reports it experienced an internal error.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_USER_CANCELED_ALERT | -12187 | «Peer user canceled handshake.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-12186 | «Peer does not permit renegotiation of SSL security parameters.» | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_GENERATE_RANDOM_FAILURE | -12223 | «SSL experienced a failure of its random number generator.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SIGN_HASHES_FAILURE | -12222 | «Unable to digitally sign data required to verify your certificate.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE | -12221 | «SSL was unable to extract the public key from the peer’s certificate.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE | -12220 | «Unspecified failure while processing SSL Server Key Exchange handshake.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE | -12219 | «Unspecified failure while processing SSL Client Key Exchange handshake.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_ENCRYPTION_FAILURE | -12218 | «Bulk data encryption algorithm failed in selected cipher suite.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_DECRYPTION_FAILURE | -12217 | «Bulk data decryption algorithm failed in selected cipher suite.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_MD5_DIGEST_FAILURE | -12215 | «MD5 digest function failed.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SHA_DIGEST_FAILURE | -12214 | «SHA-1 digest function failed.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_MAC_COMPUTATION_FAILURE | -12213 | «Message Authentication Code computation failed.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE | -12212 | «Failure to create Symmetric Key context.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE | -12211 | «Failure to unwrap the Symmetric key in Client Key Exchange message.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_IV_PARAM_FAILURE | -12209 | «PKCS11 code failed to translate an IV into a param.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE | -12208 | «Failed to initialize the selected cipher suite.» | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SOCKET_WRITE_FAILURE | -12216 | «Attempt to write encrypted data to underlying socket failed.»
After the data to be sent was encrypted, the attempt to send it out the socket failed. Likely causes include that the peer has closed the connection. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SSL_ERROR_SESSION_KEY_GEN_FAILURE | -12207 | «Failed to generate session keys for SSL session.»
On a client socket, indicates a failure of the PKCS11 key generation function. On a server socket, indicates a failure of one of the following: (a) to unwrap the pre-master secret from the ClientKeyExchange message, (b) to derive the master secret from the premaster secret, (c) to derive the MAC secrets, cryptographic keys, and initialization vectors from the master secret. If encountered repeatedly on a server socket, this can indicate that the server is actively under a «million question» attack. SEC Error CodesTable 8.2 Security error codes defined in secerr.h
|
- This page is part of the SSL Reference that we are migrating into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.
- Upgraded documentation may be found in the Current NSS Reference
NSS and SSL Error Codes
Chapter 8
NSS and SSL Error Codes
NSS error codes are retrieved using the NSPR function PR_GetError. In addition to the error codes defined by NSPR, PR_GetError retrieves the error codes described in this chapter.
SSL Error Codes
SEC Error Codes
SSL Error Codes
Table 8.1 Error codes defined in sslerr.h
Constant | Value | Description |
---|---|---|
SSL_ERROR_EXPORT_ONLY_SERVER | -12288 | «Unable to communicate securely. Peer does not support high-grade encryption.»
The local system was configured to support the cipher suites permitted for domestic use. The remote system was configured to support only the cipher suites permitted for export use. |
SSL_ERROR_US_ONLY_SERVER | -12287 | «Unable to communicate securely. Peer requires high-grade encryption which is not supported.»
The remote system was configured to support the cipher suites permitted for domestic use. The local system was configured to support only the cipher suites permitted for export use. |
SSL_ERROR_NO_CYPHER_OVERLAP | -12286 | «Cannot communicate securely with peer: no common encryption algorithm(s).»
The local and remote systems share no cipher suites in common. This can be due to a misconfiguration at either end. It can be due to a server being misconfigured to use a non-RSA certificate with the RSA key exchange algorithm. |
SSL_ERROR_NO_CERTIFICATE | -12285 | «Unable to find the certificate or key necessary for authentication.»
This error has many potential causes; for example: Certificate or key not found in database. Certificate not marked trusted in database and Certificate’s issuer not marked trusted in database. Wrong password for key database. Missing database. |
SSL_ERROR_BAD_CERTIFICATE | -12284 | «Unable to communicate securely with peer: peers’s certificate was rejected.»
A certificate was received from the remote system and was passed to the certificate authentication callback function provided by the local application. That callback function returned SECFailure, and the bad certificate callback function either was not configured or did not choose to override the error code returned by the certificate authentication callback function. |
-12283 | (unused) | |
SSL_ERROR_BAD_CLIENT | -12282 | «The server has encountered bad data from the client.»
This error code should occur only on sockets that are acting as servers. It is a generic error, used when none of the other more specific error codes defined in this file applies. |
SSL_ERROR_BAD_SERVER | -12281 | «The client has encountered bad data from the server.»
This error code should occur only on sockets that are acting as clients. It is a generic error, used when none of the other more specific error codes defined in this file applies. |
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE | -12280 | «Unsupported certificate type.»
The operation encountered a certificate that was not one of the well known certificate types handled by the certificate library. |
SSL_ERROR_UNSUPPORTED_VERSION | -12279 | «Peer using unsupported version of security protocol.»
On a client socket, this means the remote server has attempted to negotiate the use of a version of SSL that is not supported by the NSS library, probably an invalid version number. On a server socket, this means the remote client has requested the use of a version of SSL older than version 2. |
-12278 | (unused) | |
SSL_ERROR_WRONG_CERTIFICATE | -12277 | «Client authentication failed: private key in key database does not correspond to public key in certificate database.» |
SSL_ERROR_BAD_CERT_DOMAIN | -12276 | «Unable to communicate securely with peer: requested domain name does not match the server’s certificate.»
This error code should be returned by the certificate authentication callback function when it detects that the Common Name in the remote server’s certificate does not match the hostname sought by the local client, according to the matching rules specified for CERT_VerifyCertName. |
SSL_ERROR_POST_WARNING | -12275 | (unused) |
SSL_ERROR_SSL2_DISABLED | -12274 | «Peer only supports SSL version 2, which is locally disabled.»
The remote server has asked to use SSL version 2, and SSL version 2 is disabled in the local client’s configuration. |
SSL_ERROR_BAD_MAC_READ | -12273 | «SSL received a record with an incorrect Message Authentication Code.»
This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. If this occurs frequently on a server, an active attack (such as the «million question» attack) may be underway against the server. |
SSL_ERROR_BAD_MAC_ALERT | -12272 | «SSL peer reports incorrect Message Authentication Code.»
The remote system has reported that it received a message with a bad Message Authentication Code from the local system. This may indicate that an attack on that server is underway. |
SSL_ERROR_BAD_CERT_ALERT | -12271 | «SSL peer cannot verify your certificate.»
The remote system has received a certificate from the local system, and has rejected it for some reason. |
SSL_ERROR_REVOKED_CERT_ALERT | -12270 | «SSL peer rejected your certificate as revoked.»
The remote system has received a certificate from the local system, and has determined that the certificate has been revoked. |
SSL_ERROR_EXPIRED_CERT_ALERT | -12269 | «SSL peer rejected your certificate as expired.»
The remote system has received a certificate from the local system, and has determined that the certificate has expired. |
SSL_ERROR_SSL_DISABLED | -12268 | «Cannot connect: SSL is disabled.»
The local socket is configured in such a way that it cannot use any of the SSL cipher suites. Possible causes include: (a) both SSL2 and SSL3 are disabled, (b) All the individual SSL cipher suites are disabled, or (c) the socket is configured to handshake as a server, but the certificate associated with that socket is inappropriate for the Key Exchange Algorithm selected. |
SSL_ERROR_FORTEZZA_PQG | -12267 | «Cannot connect: SSL peer is in another FORTEZZA domain.»
The local system and the remote system are in different FORTEZZA domains. They must be in the same domain to communicate. |
SSL_ERROR_UNKNOWN_CIPHER_SUITE | -12266 | «An unknown SSL cipher suite has been requested.»
The application has attempted to configure SSL to use an unknown cipher suite. |
SSL_ERROR_NO_CIPHERS_SUPPORTED | -12265 | «No cipher suites are present and enabled in this program.»
Possible causes: (a) all cipher suites have been configured to be disabled, (b) the only cipher suites that are configured to be enabled are those that are disallowed by cipher export policy, (c) the socket is configured to handshake as a server, but the certificate associated with that socket is inappropriate for the Key Exchange Algorithm selected. |
SSL_ERROR_BAD_BLOCK_PADDING | -12264 | «SSL received a record with bad block padding.»
SSL was using a Block cipher, and the last block in an SSL record had incorrect padding information in it. This usually indicates that the client and server have failed to come to agreement on the set of keys used to encrypt the application data and to check message integrity. If this occurs frequently on a server, an active attack (such as the «million question» attack) may be underway against the server. |
SSL_ERROR_RX_RECORD_TOO_LONG | -12263 | «SSL received a record that exceeded the maximum permissible length.»
This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification. |
SSL_ERROR_TX_RECORD_TOO_LONG | -12262 | «SSL attempted to send a record that exceeded the maximum permissible length.»
This error should never occur. If it does, it indicates a flaw in the NSS SSL library. |
SSL_ERROR_CLOSE_NOTIFY_ALERT | -12230 | «SSL peer has closed this connection.»
The local socket received an SSL3 alert record from the remote peer, reporting that the remote peer has chosen to end the connection. The receipt of this alert is an error only if it occurs while a handshake is in progress. |
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED | -12210 | «SSL Server attempted to use domestic-grade public key with export cipher suite.»
On a client socket, this error reports that the remote server has failed to perform an «SSL Step down» for an export cipher. It has sent a certificate bearing a domestic-grade public key, but has not sent a ServerKeyExchange message containing an export-grade public key for the key exchange algorithm. Such a connection cannot be permitted without violating U.S. export policies. On a server socket, this indicates a failure of the local library. |
SSL_ERROR_NO_SERVER_KEY_FOR_ALG | -12206 | «Server has no key for the attempted key exchange algorithm.»
An SSL client has requested an SSL cipher suite that uses a Key Exchange Algorithm for which the local server has no appropriate public key. This indicates a configuration error on the local server. |
SSL_ERROR_TOKEN_INSERTION_REMOVAL | -12205 | «PKCS #11 token was inserted or removed while operation was in progress.»
A cryptographic operation required to complete the handshake failed because the token that was performing it was removed while the handshake was underway. Another token may also have been inserted into the same slot. |
SSL_ERROR_TOKEN_SLOT_NOT_FOUND | -12204 | «No PKCS#11 token could be found to do a required operation.»
A cryptographic operation required a PKCS#11 token with specific abilities, and no token could be found in any slot, including the «soft token» in the internal virtual slot, that could do the job. May indicate a server configuration error, such as having a certificate that is inappropriate for the Key Exchange Algorithm selected. |
SSL_ERROR_NO_COMPRESSION_OVERLAP | -12203 | «Cannot communicate securely with peer: no common compression algorithm(s).» |
SSL_ERROR_HANDSHAKE_NOT_COMPLETED | -12202 | «Cannot initiate another SSL handshake until current handshake is complete.» |
SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE | -12201 | «Received incorrect handshakes hash values from peer.» |
SSL_ERROR_CERT_KEA_MISMATCH | -12200 | «The certificate provided cannot be used with the selected key exchange algorithm.» |
SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA | -12199 | «No certificate authority is trusted for SSL client authentication.» |
SSL_ERROR_SESSION_NOT_FOUND | -12198 | «Client’s SSL session ID not found in server’s session cache.» |
SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED | -12185 | «SSL server cache not configured and not disabled for this socket.» |
SSL_ERROR_RENEGOTIATION_NOT_ALLOWED | -12176 | «Renegotiation is not allowed on this SSL socket.» |
Received a malformed (too long or short or invalid content) SSL handshake: All the error codes in the following block indicate that the local socket received an improperly formatted SSL3 handshake message from the remote peer. This probably indicates a flaw in the remote peer’s implementation. |
||
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST | -12261 | «SSL received a malformed Hello Request handshake message.» |
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO | -12260 | «SSL received a malformed Client Hello handshake message.» |
SSL_ERROR_RX_MALFORMED_SERVER_HELLO | -12259 | «SSL received a malformed Server Hello handshake message.» |
SSL_ERROR_RX_MALFORMED_CERTIFICATE | -12258 | «SSL received a malformed Certificate handshake message.» |
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH | -12257 | «SSL received a malformed Server Key Exchange handshake message.» |
SSL_ERROR_RX_MALFORMED_CERT_REQUEST | -12256 | «SSL received a malformed Certificate Request handshake message.» |
SSL_ERROR_RX_MALFORMED_HELLO_DONE | -12255 | «SSL received a malformed Server Hello Done handshake message.» |
SSL_ERROR_RX_MALFORMED_CERT_VERIFY | -12254 | «SSL received a malformed Certificate Verify handshake message.» |
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH | -12253 | «SSL received a malformed Client Key Exchange handshake message.» |
SSL_ERROR_RX_MALFORMED_FINISHED | -12252 | «SSL received a malformed Finished handshake message.» |
SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET | -12178 | «SSL received a malformed New Session Ticket handshake message.» |
Received a malformed (too long or short) SSL record: All the error codes in the following block indicate that the local socket received an improperly formatted SSL3 record from the remote peer. This probably indicates a flaw in the remote peer’s implementation. |
||
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER | -12251 | «SSL received a malformed Change Cipher Spec record.» |
SSL_ERROR_RX_MALFORMED_ALERT | -12250 | «SSL received a malformed Alert record.» |
SSL_ERROR_RX_MALFORMED_HANDSHAKE | -12249 | «SSL received a malformed Handshake record.» |
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA | -12248 | «SSL received a malformed Application Data record.» |
Received an SSL handshake that was inappropriate for the current state: All the error codes in the following block indicate that the local socket received an SSL3 handshake message from the remote peer at a time when it was inappropriate for the peer to have sent this message. For example, a server received a message from another server. This probably indicates a flaw in the remote peer’s implementation. |
||
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST | -12247 | «SSL received an unexpected Hello Request handshake message.» |
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO | -12246 | «SSL received an unexpected Client Hello handshake message.» |
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO | -12245 | «SSL received an unexpected Server Hello handshake message.» |
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE | -12244 | «SSL received an unexpected Certificate handshake message.» |
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH | -12243 | «SSL received an unexpected Server Key Exchange handshake message.» |
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST | -12242 | «SSL received an unexpected Certificate Request handshake message.» |
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE | -12241 | «SSL received an unexpected Server Hello Done handshake message.» |
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY | -12240 | «SSL received an unexpected Certificate Verify handshake message.» |
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH | -12239 | «SSL received an unexpected Client Key Exchange handshake message.» |
SSL_ERROR_RX_UNEXPECTED_FINISHED | -12238 | «SSL received an unexpected Finished handshake message.» |
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET | -12179 | «SSL received an unexpected New Session Ticket handshake message.» |
Received an SSL record that was inappropriate for the current state: All the error codes in the following block indicate that the local socket received an SSL3 record from the remote peer at a time when it was inappropriate for the peer to have sent this message. This probably indicates a flaw in the remote peer’s implementation. |
||
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER | -12237 | «SSL received an unexpected Change Cipher Spec record.» |
SSL_ERROR_RX_UNEXPECTED_ALERT | -12236 | «SSL received an unexpected Alert record.» |
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE | -12235 | «SSL received an unexpected Handshake record.» |
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA | -12234 | «SSL received an unexpected Application Data record.» |
Received record/message with unknown discriminant: All the error codes in the following block indicate that the local socket received an SSL3 record or handshake message from the remote peer that it was unable to interpret because the byte that identifies the type of record or message contained an unrecognized value. This probably indicates a flaw in the remote peer’s implementation. |
||
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE | -12233 | «SSL received a record with an unknown content type.» |
SSL_ERROR_RX_UNKNOWN_HANDSHAKE | -12232 | «SSL received a handshake message with an unknown message type.» |
SSL_ERROR_RX_UNKNOWN_ALERT | -12231 | «SSL received an alert record with an unknown alert description.» |
Received an alert report: All the error codes in the following block indicate that the local socket received an SSL3 or TLS alert record from the remote peer, reporting some issue that it had with an SSL record or handshake message it received. (Some _Alert codes are listed in other blocks.) |
||
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT | -12229 | «SSL peer was not expecting a handshake message it received.» |
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT | -12228 | «SSL peer was unable to successfully decompress an SSL record it received.» |
SSL_ERROR_HANDSHAKE_FAILURE_ALERT | -12227 | «SSL peer was unable to negotiate an acceptable set of security parameters.» |
SSL_ERROR_ILLEGAL_PARAMETER_ALERT | -12226 | «SSL peer rejected a handshake message for unacceptable content.» |
SSL_ERROR_UNSUPPORTED_CERT_ALERT | -12225 | «SSL peer does not support certificates of the type it received.» |
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT | -12224 | «SSL peer had some unspecified issue with the certificate it received.» |
SSL_ERROR_DECRYPTION_FAILED_ALERT | -12197 | «Peer was unable to decrypt an SSL record it received.» |
SSL_ERROR_RECORD_OVERFLOW_ALERT | -12196 | «Peer received an SSL record that was longer than is permitted.» |
SSL_ERROR_UNKNOWN_CA_ALERT | -12195 | «Peer does not recognize and trust the CA that issued your certificate.» |
SSL_ERROR_ACCESS_DENIED_ALERT | -12194 | «Peer received a valid certificate, but access was denied.» |
SSL_ERROR_DECODE_ERROR_ALERT | -12193 | «Peer could not decode an SSL handshake message.» |
SSL_ERROR_DECRYPT_ERROR_ALERT | -12192 | «Peer reports failure of signature verification or key exchange.» |
SSL_ERROR_EXPORT_RESTRICTION_ALERT | -12191 | «Peer reports negotiation not in compliance with export regulations.» |
SSL_ERROR_PROTOCOL_VERSION_ALERT | -12190 | «Peer reports incompatible or unsupported protocol version.» |
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT | -12189 | «Server requires ciphers more secure than those supported by client.» |
SSL_ERROR_INTERNAL_ERROR_ALERT | -12188 | «Peer reports it experienced an internal error.» |
SSL_ERROR_USER_CANCELED_ALERT | -12187 | «Peer user canceled handshake.» |
SSL_ERROR_NO_RENEGOTIATION_ALERT | -12186 | «Peer does not permit renegotiation of SSL security parameters.» |
SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT | -12184 | «SSL peer does not support requested TLS hello extension.» |
SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT | -12183 | «SSL peer could not obtain your certificate from the supplied URL.» |
SSL_ERROR_UNRECOGNIZED_NAME_ALERT | -12182 | «SSL peer has no certificate for the requested DNS name.» |
SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT | -12181 | «SSL peer was unable to get an OCSP response for its certificate.» |
SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT | -12180 | «SSL peer reported bad certificate hash value.» |
Unspecified errors that occurred while attempting some operation: All the error codes in the following block describe the operation that was being attempted at the time of the unspecified failure. These failures may be caused by the system running out of memory, or errors returned by PKCS#11 routines that did not provide meaningful error codes of their own. These should rarely be seen. (Certain of these error codes have more specific meanings, as described.) |
||
SSL_ERROR_GENERATE_RANDOM_FAILURE | -12223 | «SSL experienced a failure of its random number generator.» |
SSL_ERROR_SIGN_HASHES_FAILURE | -12222 | «Unable to digitally sign data required to verify your certificate.» |
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE | -12221 | «SSL was unable to extract the public key from the peer’s certificate.» |
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE | -12220 | «Unspecified failure while processing SSL Server Key Exchange handshake.» |
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE | -12219 | «Unspecified failure while processing SSL Client Key Exchange handshake.» |
SSL_ERROR_ENCRYPTION_FAILURE | -12218 | «Bulk data encryption algorithm failed in selected cipher suite.» |
SSL_ERROR_DECRYPTION_FAILURE | -12217 | «Bulk data decryption algorithm failed in selected cipher suite.» |
SSL_ERROR_SOCKET_WRITE_FAILURE | -12216 | «Attempt to write encrypted data to underlying socket failed.»
After the data to be sent was encrypted, the attempt to send it out the socket failed. Likely causes include that the peer has closed the connection. |
SSL_ERROR_MD5_DIGEST_FAILURE | -12215 | «MD5 digest function failed.» |
SSL_ERROR_SHA_DIGEST_FAILURE | -12214 | «SHA-1 digest function failed.» |
SSL_ERROR_MAC_COMPUTATION_FAILURE | -12213 | «Message Authentication Code computation failed.» |
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE | -12212 | «Failure to create Symmetric Key context.» |
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE | -12211 | «Failure to unwrap the Symmetric key in Client Key Exchange message.» |
SSL_ERROR_IV_PARAM_FAILURE | -12209 | «PKCS11 code failed to translate an IV into a param.» |
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE | -12208 | «Failed to initialize the selected cipher suite.» |
SSL_ERROR_SESSION_KEY_GEN_FAILURE | -12207 | «Failed to generate session keys for SSL session.»
On a client socket, indicates a failure of the PKCS11 key generation function. On a server socket, indicates a failure of one of the following: (a) to unwrap the pre-master secret from the ClientKeyExchange message, (b) to derive the master secret from the premaster secret, (c) to derive the MAC secrets, cryptographic keys, and initialization vectors from the master secret. If encountered repeatedly on a server socket, this can indicate that the server is actively under a «million question» attack. |
SSL_ERROR_DECOMPRESSION_FAILURE | -12177 | «SSL received a compressed record that could not be decompressed.» |
SEC Error Codes
Table 8.2 Security error codes defined in secerr.h
Constant | Value | Description |
---|---|---|
SEC_ERROR_IO | -8192 | An I/O error occurred during authentication; or an error occurred during crypto operation (other than signature verification). |
SEC_ERROR_LIBRARY_FAILURE | -8191 | Security library failure. |
SEC_ERROR_BAD_DATA | -8190 | Security library: received bad data. |
SEC_ERROR_OUTPUT_LEN | -8189 | Security library: output length error. |
SEC_ERROR_INPUT_LEN | -8188 | Security library: input length error. |
SEC_ERROR_INVALID_ARGS | -8187 | Security library: invalid arguments. |
SEC_ERROR_INVALID_ALGORITHM | -8186 | Security library: invalid algorithm. |
SEC_ERROR_INVALID_AVA | -8185 | Security library: invalid AVA. |
SEC_ERROR_INVALID_TIME | -8184 | Security library: invalid time. |
SEC_ERROR_BAD_DER | -8183 | Security library: improperly formatted DER-encoded message. |
SEC_ERROR_BAD_SIGNATURE | -8182 | Peer’s certificate has an invalid signature. |
SEC_ERROR_EXPIRED_CERTIFICATE | -8181 | Peer’s certificate has expired. |
SEC_ERROR_REVOKED_CERTIFICATE | -8180 | Peer’s certificate has been revoked. |
SEC_ERROR_UNKNOWN_ISSUER | -8179 | Peer’s certificate issuer is not recognized. |
SEC_ERROR_BAD_KEY | -8178 | Peer’s public key is invalid |
SEC_ERROR_BAD_PASSWORD | -8177 | The password entered is incorrect. |
SEC_ERROR_RETRY_PASSWORD | -8176 | New password entered incorrectly. |
SEC_ERROR_NO_NODELOCK | -8175 | Security library: no nodelock. |
SEC_ERROR_BAD_DATABASE | -8174 | Security library: bad database. |
SEC_ERROR_NO_MEMORY | -8173 | Security library: memory allocation failure. |
SEC_ERROR_UNTRUSTED_ISSUER | -8172 | Peer’s certificate issuer has been marked as not trusted by the user. |
SEC_ERROR_UNTRUSTED_CERT | -8171 | Peer’s certificate has been marked as not trusted by the user. |
SEC_ERROR_DUPLICATE_CERT | -8170 | Certificate already exists in your database. |
SEC_ERROR_DUPLICATE_CERT_NAME | -8169 | Downloaded certificate’s name duplicates one already in your database. |
SEC_ERROR_ADDING_CERT | -8168 | Error adding certificate to database. |
SEC_ERROR_FILING_KEY | -8167 | Error refiling the key for this certificate. |
SEC_ERROR_NO_KEY | -8166 | The private key for this certificate cannot be found in key database. |
SEC_ERROR_CERT_VALID | -8165 | This certificate is valid. |
SEC_ERROR_CERT_NOT_VALID | -8164 | This certificate is not valid. |
SEC_ERROR_CERT_NO_RESPONSE | -8163 | Certificate library: no response. |
SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE | -8162 | The certificate issuer’s certificate has expired. |
SEC_ERROR_CRL_EXPIRED | -8161 | The CRL for the certificate’s issuer has expired. |
SEC_ERROR_CRL_BAD_SIGNATURE | -8160 | The CRL for the certificate’s issuer has an invalid signature. |
SEC_ERROR_CRL_INVALID | -8159 | New CRL has an invalid format. |
SEC_ERROR_EXTENSION_VALUE_INVALID | -8158 | Certificate extension value is invalid. |
SEC_ERROR_EXTENSION_NOT_FOUND | -8157 | Certificate extension not found. |
SEC_ERROR_CA_CERT_INVALID | -8156 | Issuer certificate is invalid. |
SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID | -8155 | Certificate path length constraint is invalid. |
SEC_ERROR_CERT_USAGES_INVALID | -8154 | Certificate usages field is invalid. |
SEC_INTERNAL_ONLY | -8153 | Internal-only module. |
SEC_ERROR_INVALID_KEY | -8152 | The key does not support the requested operation. |
SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION | -8151 | Certificate contains unknown critical extension. |
SEC_ERROR_OLD_CRL | -8150 | New CRL is not later than the current one. |
SEC_ERROR_NO_EMAIL_CERT | -8149 | Not encrypted or signed: you do not yet have an email certificate. |
SEC_ERROR_NO_RECIPIENT_CERTS_QUERY | -8148 | Not encrypted: you do not have certificates for each of the recipients. |
SEC_ERROR_NOT_A_RECIPIENT | -8147 | Cannot decrypt: you are not a recipient, or matching certificate and private key not found. |
SEC_ERROR_PKCS7_KEYALG_MISMATCH | -8146 | Cannot decrypt: key encryption algorithm does not match your certificate. |
SEC_ERROR_PKCS7_BAD_SIGNATURE | -8145 | Signature verification failed: no signer found, too many signers found,
or improper or corrupted data. |
SEC_ERROR_UNSUPPORTED_KEYALG | -8144 | Unsupported or unknown key algorithm. |
SEC_ERROR_DECRYPTION_DISALLOWED | -8143 | Cannot decrypt: encrypted using a disallowed algorithm or key size. |
XP_SEC_FORTEZZA_BAD_CARD | -8142 | FORTEZZA card has not been properly initialized. |
XP_SEC_FORTEZZA_NO_CARD | -8141 | No FORTEZZA cards found. |
XP_SEC_FORTEZZA_NONE_SELECTED | -8140 | No FORTEZZA card selected. |
XP_SEC_FORTEZZA_MORE_INFO | -8139 | Please select a personality to get more info on. |
XP_SEC_FORTEZZA_PERSON_NOT_FOUND | -8138 | Personality not found |
XP_SEC_FORTEZZA_NO_MORE_INFO | -8137 | No more information on that personality. |
XP_SEC_FORTEZZA_BAD_PIN | -8136 | Invalid PIN. |
XP_SEC_FORTEZZA_PERSON_ERROR | -8135 | Couldn’t initialize FORTEZZA personalities. |
SEC_ERROR_NO_KRL | -8134 | No KRL for this site’s certificate has been found. |
SEC_ERROR_KRL_EXPIRED | -8133 | The KRL for this site’s certificate has expired. |
SEC_ERROR_KRL_BAD_SIGNATURE | -8132 | The KRL for this site’s certificate has an invalid signature. |
SEC_ERROR_REVOKED_KEY | -8131 | The key for this site’s certificate has been revoked. |
SEC_ERROR_KRL_INVALID | -8130 | New KRL has an invalid format. |
SEC_ERROR_NEED_RANDOM | -8129 | Security library: need random data. |
SEC_ERROR_NO_MODULE | -8128 | Security library: no security module can perform the requested operation. |
SEC_ERROR_NO_TOKEN | -8127 | The security card or token does not exist, needs to be initialized, or has been removed. |
SEC_ERROR_READ_ONLY | -8126 | Security library: read-only database. |
SEC_ERROR_NO_SLOT_SELECTED | -8125 | No slot or token was selected. |
SEC_ERROR_CERT_NICKNAME_COLLISION | -8124 | A certificate with the same nickname already exists. |
SEC_ERROR_KEY_NICKNAME_COLLISION | -8123 | A key with the same nickname already exists. |
SEC_ERROR_SAFE_NOT_CREATED | -8122 | Error while creating safe object. |
SEC_ERROR_BAGGAGE_NOT_CREATED | -8121 | Error while creating baggage object. |
XP_JAVA_REMOVE_PRINCIPAL_ERROR | -8120 | Couldn’t remove the principal. |
XP_JAVA_DELETE_PRIVILEGE_ERROR | -8119 | Couldn’t delete the privilege |
XP_JAVA_CERT_NOT_EXISTS_ERROR | -8118 | This principal doesn’t have a certificate. |
SEC_ERROR_BAD_EXPORT_ALGORITHM | -8117 | Required algorithm is not allowed. |
SEC_ERROR_EXPORTING_CERTIFICATES | -8116 | Error attempting to export certificates. |
SEC_ERROR_IMPORTING_CERTIFICATES | -8115 | Error attempting to import certificates. |
SEC_ERROR_PKCS12_DECODING_PFX | -8114 | Unable to import. Decoding error. File not valid. |
SEC_ERROR_PKCS12_INVALID_MAC | -8113 | Unable to import. Invalid MAC. Incorrect password or corrupt file. |
SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM | -8112 | Unable to import. MAC algorithm not supported. |
SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE | -8111 | Unable to import. Only password integrity and privacy modes supported. |
SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE | -8110 | Unable to import. File structure is corrupt. |
SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM | -8109 | Unable to import. Encryption algorithm not supported. |
SEC_ERROR_PKCS12_UNSUPPORTED_VERSION | -8108 | Unable to import. File version not supported. |
SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT | -8107 | Unable to import. Incorrect privacy password. |
SEC_ERROR_PKCS12_CERT_COLLISION | -8106 | Unable to import. Same nickname already exists in database. |
SEC_ERROR_USER_CANCELLED | -8105 | The user clicked cancel. |
SEC_ERROR_PKCS12_DUPLICATE_DATA | -8104 | Not imported, already in database. |
SEC_ERROR_MESSAGE_SEND_ABORTED | -8103 | Message not sent. |
SEC_ERROR_INADEQUATE_KEY_USAGE | -8102 | Certificate key usage inadequate for attempted operation. |
SEC_ERROR_INADEQUATE_CERT_TYPE | -8101 | Certificate type not approved for application. |
SEC_ERROR_CERT_ADDR_MISMATCH | -8100 | Address in signing certificate does not match address in message headers. |
SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY | -8099 | Unable to import. Error attempting to import private key. |
SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN | -8098 | Unable to import. Error attempting to import certificate chain. |
SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME | -8097 | Unable to export. Unable to locate certificate or key by nickname. |
SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY | -8096 | Unable to export. Private key could not be located and exported. |
SEC_ERROR_PKCS12_UNABLE_TO_WRITE | -8095 | Unable to export. Unable to write the export file. |
SEC_ERROR_PKCS12_UNABLE_TO_READ | -8094 | Unable to import. Unable to read the import file. |
SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED | -8093 | Unable to export. Key database corrupt or deleted. |
SEC_ERROR_KEYGEN_FAIL | -8092 | Unable to generate public-private key pair. |
SEC_ERROR_INVALID_PASSWORD | -8091 | Password entered is invalid. |
SEC_ERROR_RETRY_OLD_PASSWORD | -8090 | Old password entered incorrectly. |
SEC_ERROR_BAD_NICKNAME | -8089 | Certificate nickname already in use. |
SEC_ERROR_NOT_FORTEZZA_ISSUER | -8088 | Peer FORTEZZA chain has a non-FORTEZZA Certificate. |
SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY | -8087 | «A sensitive key cannot be moved to the slot where it is needed.» |
SEC_ERROR_JS_INVALID_MODULE_NAME | -8086 | Invalid module name. |
SEC_ERROR_JS_INVALID_DLL | -8085 | Invalid module path/filename. |
SEC_ERROR_JS_ADD_MOD_FAILURE | -8084 | Unable to add module. |
SEC_ERROR_JS_DEL_MOD_FAILURE | -8083 | Unable to delete module. |
SEC_ERROR_OLD_KRL | -8082 | New KRL is not later than the current one. |
SEC_ERROR_CKL_CONFLICT | -8081 | New CKL has different issuer than current CKL. |
SEC_ERROR_CERT_NOT_IN_NAME_SPACE | -8080 | Certificate issuer is not permitted to issue a certificate with this name. |
SEC_ERROR_KRL_NOT_YET_VALID | -8079 | «The key revocation list for this certificate is not yet valid.» |
SEC_ERROR_CRL_NOT_YET_VALID | -8078 | «The certificate revocation list for this certificate is not yet valid.» |
SEC_ERROR_UNKNOWN_CERT | -8077 | «The requested certificate could not be found.» |
SEC_ERROR_UNKNOWN_SIGNER | -8076 | «The signer’s certificate could not be found.» |
SEC_ERROR_CERT_BAD_ACCESS_LOCATION | -8075 | «The location for the certificate status server has invalid format.» |
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE | -8074 | «The OCSP response cannot be fully decoded; it is of an unknown type.» |
SEC_ERROR_OCSP_BAD_HTTP_RESPONSE | -8073 | «The OCSP server returned unexpected/invalid HTTP data.» |
SEC_ERROR_OCSP_MALFORMED_REQUEST | -8072 | «The OCSP server found the request to be corrupted or improperly formed.» |
SEC_ERROR_OCSP_SERVER_ERROR | -8071 | «The OCSP server experienced an internal error.» |
SEC_ERROR_OCSP_TRY_SERVER_LATER | -8070 | «The OCSP server suggests trying again later.» |
SEC_ERROR_OCSP_REQUEST_NEEDS_SIG | -8069 | «The OCSP server requires a signature on this request.» |
SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST | -8068 | «The OCSP server has refused this request as unauthorized.» |
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS | -8067 | «The OCSP server returned an unrecognizable status.» |
SEC_ERROR_OCSP_UNKNOWN_CERT | -8066 | «The OCSP server has no status for the certificate.» |
SEC_ERROR_OCSP_NOT_ENABLED | -8065 | «You must enable OCSP before performing this operation.» |
SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER | -8064 | «You must set the OCSP default responder before performing this operation.» |
SEC_ERROR_OCSP_MALFORMED_RESPONSE | -8063 | «The response from the OCSP server was corrupted or improperly formed.» |
SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE | -8062 | «The signer of the OCSP response is not authorized to give status for this certificate.» |
SEC_ERROR_OCSP_FUTURE_RESPONSE | -8061 | «The OCSP response is not yet valid (contains a date in the future).» |
SEC_ERROR_OCSP_OLD_RESPONSE | -8060 | «The OCSP response contains out-of-date information.» |
SEC_ERROR_DIGEST_NOT_FOUND | -8059 | «The CMS or PKCS #7 Digest was not found in signed message.» |
SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE | -8058 | «The CMS or PKCS #7 Message type is unsupported.» |
SEC_ERROR_MODULE_STUCK | -8057 | «PKCS #11 module could not be removed because it is still in use.» |
SEC_ERROR_BAD_TEMPLATE | -8056 | «Could not decode ASN.1 data. Specified template was invalid.» |
SEC_ERROR_CRL_NOT_FOUND | -8055 | «No matching CRL was found.» |
SEC_ERROR_REUSED_ISSUER_AND_SERIAL | -8054 | «You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.» |
SEC_ERROR_BUSY | -8053 | «NSS could not shutdown. Objects are still in use.» |
SEC_ERROR_EXTRA_INPUT | -8052 | «DER-encoded message contained extra unused data.» |
SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE | -8051 | «Unsupported elliptic curve.» |
SEC_ERROR_UNSUPPORTED_EC_POINT_FORM | -8050 | «Unsupported elliptic curve point form.» |
SEC_ERROR_UNRECOGNIZED_OID | -8049 | «Unrecognized Object IDentifier.» |
SEC_ERROR_OCSP_INVALID_SIGNING_CERT | -8048 | «Invalid OCSP signing certificate in OCSP response.» |
SEC_ERROR_REVOKED_CERTIFICATE_CRL | -8047 | «Certificate is revoked in issuer’s certificate revocation list.» |
SEC_ERROR_REVOKED_CERTIFICATE_OCSP | -8046 | «Issuer’s OCSP responder reports certificate is revoked.» |
SEC_ERROR_CRL_INVALID_VERSION | -8045 | «Issuer’s Certificate Revocation List has an unknown version number.» |
SEC_ERROR_CRL_V1_CRITICAL_EXTENSION | -8044 | «Issuer’s V1 Certificate Revocation List has a critical extension.» |
SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION | -8043 | «Issuer’s V2 Certificate Revocation List has an unknown critical extension.» |
SEC_ERROR_UNKNOWN_OBJECT_TYPE | -8042 | «Unknown object type specified.» |
SEC_ERROR_INCOMPATIBLE_PKCS11 | -8041 | «PKCS #11 driver violates the spec in an incompatible way.» |
SEC_ERROR_NO_EVENT | -8040 | «No new slot event is available at this time.» |
SEC_ERROR_CRL_ALREADY_EXISTS | -8039 | «CRL already exists.» |
SEC_ERROR_NOT_INITIALIZED | -8038 | «NSS is not initialized.» |
SEC_ERROR_TOKEN_NOT_LOGGED_IN | -8037 | «The operation failed because the PKCS#11 token is not logged in.» |
SEC_ERROR_OCSP_RESPONDER_CERT_INVALID | -8036 | «The configured OCSP responder’s certificate is invalid.» |
SEC_ERROR_OCSP_BAD_SIGNATURE | -8035 | «OCSP response has an invalid signature.» |
SEC_ERROR_OUT_OF_SEARCH_LIMITS | -8034 | «Certification validation search is out of search limits.» |
SEC_ERROR_INVALID_POLICY_MAPPING | -8033 | «Policy mapping contains any-policy.» |
SEC_ERROR_POLICY_VALIDATION_FAILED | -8032 | «Certificate chain fails policy validation.» |
SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE | -8031 | «Unknown location type in certificate AIA extension.» |
SEC_ERROR_BAD_HTTP_RESPONSE | -8030 | «Server returned a bad HTTP response.» |
SEC_ERROR_BAD_LDAP_RESPONSE | -8029 | «Server returned a bad LDAP response.» |
SEC_ERROR_FAILED_TO_ENCODE_DATA | -8028 | «Failed to encode data with ASN.1 encoder.» |
SEC_ERROR_BAD_INFO_ACCESS_LOCATION | -8027 | «Bad information access location in certificate extension.» |
SEC_ERROR_LIBPKIX_INTERNAL | -8026 | «Libpkix internal error occurred during cert validation.» |
SEC_ERROR_PKCS11_GENERAL_ERROR | -8025 | «A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.» |
SEC_ERROR_PKCS11_FUNCTION_FAILED | -8024 | «A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.» |
SEC_ERROR_PKCS11_DEVICE_ERROR | -8023 | «A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.» |
SEC_ERROR_BAD_INFO_ACCESS_METHOD | -8022 | «Unknown information access method in certificate extension.» |
SEC_ERROR_CRL_IMPORT_FAILED | -8021 | «Error attempting to import a CRL.» |
Home | Trees | Indices | Help |
---|
Module error
This module defines the NSPR errors and provides functions to
manipulate them.
NSPR Error Constants:
SSL_ERROR_EXPORT_ONLY_SERVER: Unable to communicate securely. Peer does not support high-grade encryption.
SSL_ERROR_US_ONLY_SERVER: Unable to communicate securely. Peer requires high-grade encryption which is not supported.
SSL_ERROR_NO_CYPHER_OVERLAP: Cannot communicate securely with peer: no common encryption algorithm(s).
SSL_ERROR_NO_CERTIFICATE: Unable to find the certificate or key necessary for authentication.
SSL_ERROR_BAD_CERTIFICATE: Unable to communicate securely with peer: peers’s certificate was rejected.
SSL_ERROR_UNUSED_5: Unrecognized SSL error code.
SSL_ERROR_BAD_CLIENT: The server has encountered bad data from the client.
SSL_ERROR_BAD_SERVER: The client has encountered bad data from the server.
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE: Unsupported certificate type.
SSL_ERROR_UNSUPPORTED_VERSION: Peer using unsupported version of security protocol.
SSL_ERROR_UNUSED_10: Unrecognized SSL error code.
SSL_ERROR_WRONG_CERTIFICATE: Client authentication failed: private key in key database does not match public key in certificate database.
SSL_ERROR_BAD_CERT_DOMAIN: Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
SSL_ERROR_POST_WARNING: Unrecognized SSL error code.
SSL_ERROR_SSL2_DISABLED: Peer only supports SSL version 2, which is locally disabled.
SSL_ERROR_BAD_MAC_READ: SSL received a record with an incorrect Message Authentication Code.
SSL_ERROR_BAD_MAC_ALERT: SSL peer reports incorrect Message Authentication Code.
SSL_ERROR_BAD_CERT_ALERT: SSL peer cannot verify your certificate.
SSL_ERROR_REVOKED_CERT_ALERT: SSL peer rejected your certificate as revoked.
SSL_ERROR_EXPIRED_CERT_ALERT: SSL peer rejected your certificate as expired.
SSL_ERROR_SSL_DISABLED: Cannot connect: SSL is disabled.
SSL_ERROR_FORTEZZA_PQG: Cannot connect: SSL peer is in another FORTEZZA domain.
SSL_ERROR_UNKNOWN_CIPHER_SUITE: An unknown SSL cipher suite has been requested.
SSL_ERROR_NO_CIPHERS_SUPPORTED: No cipher suites are present and enabled in this program.
SSL_ERROR_BAD_BLOCK_PADDING: SSL received a record with bad block padding.
SSL_ERROR_RX_RECORD_TOO_LONG: SSL received a record that exceeded the maximum permissible length.
SSL_ERROR_TX_RECORD_TOO_LONG: SSL attempted to send a record that exceeded the maximum permissible length.
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST: SSL received a malformed Hello Request handshake message.
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO: SSL received a malformed Client Hello handshake message.
SSL_ERROR_RX_MALFORMED_SERVER_HELLO: SSL received a malformed Server Hello handshake message.
SSL_ERROR_RX_MALFORMED_CERTIFICATE: SSL received a malformed Certificate handshake message.
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH: SSL received a malformed Server Key Exchange handshake message.
SSL_ERROR_RX_MALFORMED_CERT_REQUEST: SSL received a malformed Certificate Request handshake message.
SSL_ERROR_RX_MALFORMED_HELLO_DONE: SSL received a malformed Server Hello Done handshake message.
SSL_ERROR_RX_MALFORMED_CERT_VERIFY: SSL received a malformed Certificate Verify handshake message.
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH: SSL received a malformed Client Key Exchange handshake message.
SSL_ERROR_RX_MALFORMED_FINISHED: SSL received a malformed Finished handshake message.
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER: SSL received a malformed Change Cipher Spec record.
SSL_ERROR_RX_MALFORMED_ALERT: SSL received a malformed Alert record.
SSL_ERROR_RX_MALFORMED_HANDSHAKE: SSL received a malformed Handshake record.
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA: SSL received a malformed Application Data record.
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST: SSL received an unexpected Hello Request handshake message.
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO: SSL received an unexpected Client Hello handshake message.
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO: SSL received an unexpected Server Hello handshake message.
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE: SSL received an unexpected Certificate handshake message.
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH: SSL received an unexpected Server Key Exchange handshake message.
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST: SSL received an unexpected Certificate Request handshake message.
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE: SSL received an unexpected Server Hello Done handshake message.
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY: SSL received an unexpected Certificate Verify handshake message.
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH: SSL received an unexpected Client Key Exchange handshake message.
SSL_ERROR_RX_UNEXPECTED_FINISHED: SSL received an unexpected Finished handshake message.
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER: SSL received an unexpected Change Cipher Spec record.
SSL_ERROR_RX_UNEXPECTED_ALERT: SSL received an unexpected Alert record.
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE: SSL received an unexpected Handshake record.
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA: SSL received an unexpected Application Data record.
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE: SSL received a record with an unknown content type.
SSL_ERROR_RX_UNKNOWN_HANDSHAKE: SSL received a handshake message with an unknown message type.
SSL_ERROR_RX_UNKNOWN_ALERT: SSL received an alert record with an unknown alert description.
SSL_ERROR_CLOSE_NOTIFY_ALERT: SSL peer has closed this connection.
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: SSL peer was not expecting a handshake message it received.
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT: SSL peer was unable to successfully decompress an SSL record it received.
SSL_ERROR_HANDSHAKE_FAILURE_ALERT: SSL peer was unable to negotiate an acceptable set of security parameters.
SSL_ERROR_ILLEGAL_PARAMETER_ALERT: SSL peer rejected a handshake message for unacceptable content.
SSL_ERROR_UNSUPPORTED_CERT_ALERT: SSL peer does not support certificates of the type it received.
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT: SSL peer had some unspecified issue with the certificate it received.
SSL_ERROR_GENERATE_RANDOM_FAILURE: SSL experienced a failure of its random number generator.
SSL_ERROR_SIGN_HASHES_FAILURE: Unable to digitally sign data required to verify your certificate.
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE: SSL was unable to extract the public key from the peer’s certificate.
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE: Unspecified failure while processing SSL Server Key Exchange handshake.
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE: Unspecified failure while processing SSL Client Key Exchange handshake.
SSL_ERROR_ENCRYPTION_FAILURE: Bulk data encryption algorithm failed in selected cipher suite.
SSL_ERROR_DECRYPTION_FAILURE: Bulk data decryption algorithm failed in selected cipher suite.
SSL_ERROR_SOCKET_WRITE_FAILURE: Attempt to write encrypted data to underlying socket failed.
SSL_ERROR_MD5_DIGEST_FAILURE: MD5 digest function failed.
SSL_ERROR_SHA_DIGEST_FAILURE: SHA-1 digest function failed.
SSL_ERROR_MAC_COMPUTATION_FAILURE: MAC computation failed.
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE: Failure to create Symmetric Key context.
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE: Failure to unwrap the Symmetric key in Client Key Exchange message.
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED: SSL Server attempted to use domestic-grade public key with export cipher suite.
SSL_ERROR_IV_PARAM_FAILURE: PKCS11 code failed to translate an IV into a param.
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE: Failed to initialize the selected cipher suite.
SSL_ERROR_SESSION_KEY_GEN_FAILURE: Client failed to generate session keys for SSL session.
SSL_ERROR_NO_SERVER_KEY_FOR_ALG: Server has no key for the attempted key exchange algorithm.
SSL_ERROR_TOKEN_INSERTION_REMOVAL: PKCS#11 token was inserted or removed while operation was in progress.
SSL_ERROR_TOKEN_SLOT_NOT_FOUND: No PKCS#11 token could be found to do a required operation.
SSL_ERROR_NO_COMPRESSION_OVERLAP: Cannot communicate securely with peer: no common compression algorithm(s).
SSL_ERROR_HANDSHAKE_NOT_COMPLETED: Cannot perform the operation until the handshake is complete.
SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE: Received incorrect handshakes hash values from peer.
SSL_ERROR_CERT_KEA_MISMATCH: The certificate provided cannot be used with the selected key exchange algorithm.
SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA: No certificate authority is trusted for SSL client authentication.
SSL_ERROR_SESSION_NOT_FOUND: Client’s SSL session ID not found in server’s session cache.
SSL_ERROR_DECRYPTION_FAILED_ALERT: Peer was unable to decrypt an SSL record it received.
SSL_ERROR_RECORD_OVERFLOW_ALERT: Peer received an SSL record that was longer than is permitted.
SSL_ERROR_UNKNOWN_CA_ALERT: Peer does not recognize and trust the CA that issued your certificate.
SSL_ERROR_ACCESS_DENIED_ALERT: Peer received a valid certificate, but access was denied.
SSL_ERROR_DECODE_ERROR_ALERT: Peer could not decode an SSL handshake message.
SSL_ERROR_DECRYPT_ERROR_ALERT: Peer reports failure of signature verification or key exchange.
SSL_ERROR_EXPORT_RESTRICTION_ALERT: Peer reports negotiation not in compliance with export regulations.
SSL_ERROR_PROTOCOL_VERSION_ALERT: Peer reports incompatible or unsupported protocol version.
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT: Server requires ciphers more secure than those supported by client.
SSL_ERROR_INTERNAL_ERROR_ALERT: Peer reports it experienced an internal error.
SSL_ERROR_USER_CANCELED_ALERT: Peer user canceled handshake.
SSL_ERROR_NO_RENEGOTIATION_ALERT: Peer does not permit renegotiation of SSL security parameters.
SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED: SSL server cache not configured and not disabled for this socket.
SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT: SSL peer does not support requested TLS hello extension.
SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT: SSL peer could not obtain your certificate from the supplied URL.
SSL_ERROR_UNRECOGNIZED_NAME_ALERT: SSL peer has no certificate for the requested DNS name.
SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT: SSL peer was unable to get an OCSP response for its certificate.
SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT: SSL peer reported bad certificate hash value.
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET: SSL received an unexpected New Session Ticket handshake message.
SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET: SSL received a malformed New Session Ticket handshake message.
SSL_ERROR_DECOMPRESSION_FAILURE: SSL received a compressed record that could not be decompressed.
SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: Renegotiation is not allowed on this SSL socket.
SSL_ERROR_UNSAFE_NEGOTIATION: Peer attempted old style (potentially vulnerable) handshake.
SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD: SSL received an unexpected uncompressed record.
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY: SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID: SSL received invalid NPN extension data.
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2: SSL feature not supported for SSL 2.0 connections.
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS: SSL feature not supported for servers.
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS: SSL feature not supported for clients.
SSL_ERROR_INVALID_VERSION_RANGE: SSL version range is not valid.
SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION: SSL peer selected a cipher suite disallowed for the selected protocol version.
SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST: SSL received a malformed Hello Verify Request handshake message.
SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST: SSL received an unexpected Hello Verify Request handshake message.
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION: SSL feature not supported for the protocol version.
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS: SSL received an unexpected Certificate Status handshake message.
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM: Unsupported hash algorithm used by TLS peer.
SSL_ERROR_DIGEST_FAILURE: Digest function failed.
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM: Incorrect signature algorithm specified in a digitally-signed element.
SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK: The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL: The server supports no protocols that the client advertises in the ALPN extension.
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT: The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.
SEC_ERROR_IO: An I/O error occurred during security authorization.
SEC_ERROR_LIBRARY_FAILURE: security library failure.
SEC_ERROR_BAD_DATA: security library: received bad data.
SEC_ERROR_OUTPUT_LEN: security library: output length error.
SEC_ERROR_INPUT_LEN: security library has experienced an input length error.
SEC_ERROR_INVALID_ARGS: security library: invalid arguments.
SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm.
SEC_ERROR_INVALID_AVA: security library: invalid AVA.
SEC_ERROR_INVALID_TIME: Improperly formatted time string.
SEC_ERROR_BAD_DER: security library: improperly formatted DER-encoded message.
SEC_ERROR_BAD_SIGNATURE: Peer’s certificate has an invalid signature.
SEC_ERROR_EXPIRED_CERTIFICATE: Peer’s Certificate has expired.
SEC_ERROR_REVOKED_CERTIFICATE: Peer’s Certificate has been revoked.
SEC_ERROR_UNKNOWN_ISSUER: Peer’s Certificate issuer is not recognized.
SEC_ERROR_BAD_KEY: Peer’s public key is invalid.
SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
SEC_ERROR_RETRY_PASSWORD: New password entered incorrectly. Please try again.
SEC_ERROR_NO_NODELOCK: security library: no nodelock.
SEC_ERROR_BAD_DATABASE: security library: bad database.
SEC_ERROR_NO_MEMORY: security library: memory allocation failure.
SEC_ERROR_UNTRUSTED_ISSUER: Peer’s certificate issuer has been marked as not trusted by the user.
SEC_ERROR_UNTRUSTED_CERT: Peer’s certificate has been marked as not trusted by the user.
SEC_ERROR_DUPLICATE_CERT: Certificate already exists in your database.
SEC_ERROR_DUPLICATE_CERT_NAME: Downloaded certificate’s name duplicates one already in your database.
SEC_ERROR_ADDING_CERT: Error adding certificate to database.
SEC_ERROR_FILING_KEY: Error refiling the key for this certificate.
SEC_ERROR_NO_KEY: The private key for this certificate cannot be found in key database
SEC_ERROR_CERT_VALID: This certificate is valid.
SEC_ERROR_CERT_NOT_VALID: This certificate is not valid.
SEC_ERROR_CERT_NO_RESPONSE: Cert Library: No Response
SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: The certificate issuer’s certificate has expired. Check your system date and time.
SEC_ERROR_CRL_EXPIRED: The CRL for the certificate’s issuer has expired. Update it or check your system date and time.
SEC_ERROR_CRL_BAD_SIGNATURE: The CRL for the certificate’s issuer has an invalid signature.
SEC_ERROR_CRL_INVALID: New CRL has an invalid format.
SEC_ERROR_EXTENSION_VALUE_INVALID: Certificate extension value is invalid.
SEC_ERROR_EXTENSION_NOT_FOUND: Certificate extension not found.
SEC_ERROR_CA_CERT_INVALID: Issuer certificate is invalid.
SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID: Certificate path length constraint is invalid.
SEC_ERROR_CERT_USAGES_INVALID: Certificate usages field is invalid.
SEC_INTERNAL_ONLY: Internal ONLY module
SEC_ERROR_INVALID_KEY: The key does not support the requested operation.
SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: Certificate contains unknown critical extension.
SEC_ERROR_OLD_CRL: New CRL is not later than the current one.
SEC_ERROR_NO_EMAIL_CERT: Not encrypted or signed: you do not yet have an email certificate.
SEC_ERROR_NO_RECIPIENT_CERTS_QUERY: Not encrypted: you do not have certificates for each of the recipients.
SEC_ERROR_NOT_A_RECIPIENT: Cannot decrypt: you are not a recipient, or matching certificate and private key not found.
SEC_ERROR_PKCS7_KEYALG_MISMATCH: Cannot decrypt: key encryption algorithm does not match your certificate.
SEC_ERROR_PKCS7_BAD_SIGNATURE: Signature verification failed: no signer found, too many signers found, or improper or corrupted data.
SEC_ERROR_UNSUPPORTED_KEYALG: Unsupported or unknown key algorithm.
SEC_ERROR_DECRYPTION_DISALLOWED: Cannot decrypt: encrypted using a disallowed algorithm or key size.
XP_SEC_FORTEZZA_BAD_CARD: Fortezza card has not been properly initialized. Please remove it and return it to your issuer.
XP_SEC_FORTEZZA_NO_CARD: No Fortezza cards Found
XP_SEC_FORTEZZA_NONE_SELECTED: No Fortezza card selected
XP_SEC_FORTEZZA_MORE_INFO: Please select a personality to get more info on
XP_SEC_FORTEZZA_PERSON_NOT_FOUND: Personality not found
XP_SEC_FORTEZZA_NO_MORE_INFO: No more information on that Personality
XP_SEC_FORTEZZA_BAD_PIN: Invalid Pin
XP_SEC_FORTEZZA_PERSON_ERROR: Couldn’t initialize Fortezza personalities.
SEC_ERROR_NO_KRL: No KRL for this site’s certificate has been found.
SEC_ERROR_KRL_EXPIRED: The KRL for this site’s certificate has expired.
SEC_ERROR_KRL_BAD_SIGNATURE: The KRL for this site’s certificate has an invalid signature.
SEC_ERROR_REVOKED_KEY: The key for this site’s certificate has been revoked.
SEC_ERROR_KRL_INVALID: New KRL has an invalid format.
SEC_ERROR_NEED_RANDOM: security library: need random data.
SEC_ERROR_NO_MODULE: security library: no security module can perform the requested operation.
SEC_ERROR_NO_TOKEN: The security card or token does not exist, needs to be initialized, or has been removed.
SEC_ERROR_READ_ONLY: security library: read-only database.
SEC_ERROR_NO_SLOT_SELECTED: No slot or token was selected.
SEC_ERROR_CERT_NICKNAME_COLLISION: A certificate with the same nickname already exists.
SEC_ERROR_KEY_NICKNAME_COLLISION: A key with the same nickname already exists.
SEC_ERROR_SAFE_NOT_CREATED: error while creating safe object
SEC_ERROR_BAGGAGE_NOT_CREATED: error while creating baggage object
XP_JAVA_REMOVE_PRINCIPAL_ERROR: Couldn’t remove the principal
XP_JAVA_DELETE_PRIVILEGE_ERROR: Couldn’t delete the privilege
XP_JAVA_CERT_NOT_EXISTS_ERROR: This principal doesn’t have a certificate
SEC_ERROR_BAD_EXPORT_ALGORITHM: Required algorithm is not allowed.
SEC_ERROR_EXPORTING_CERTIFICATES: Error attempting to export certificates.
SEC_ERROR_IMPORTING_CERTIFICATES: Error attempting to import certificates.
SEC_ERROR_PKCS12_DECODING_PFX: Unable to import. Decoding error. File not valid.
SEC_ERROR_PKCS12_INVALID_MAC: Unable to import. Invalid MAC. Incorrect password or corrupt file.
SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM: Unable to import. MAC algorithm not supported.
SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE: Unable to import. Only password integrity and privacy modes supported.
SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE: Unable to import. File structure is corrupt.
SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM: Unable to import. Encryption algorithm not supported.
SEC_ERROR_PKCS12_UNSUPPORTED_VERSION: Unable to import. File version not supported.
SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT: Unable to import. Incorrect privacy password.
SEC_ERROR_PKCS12_CERT_COLLISION: Unable to import. Same nickname already exists in database.
SEC_ERROR_USER_CANCELLED: The user pressed cancel.
SEC_ERROR_PKCS12_DUPLICATE_DATA: Not imported, already in database.
SEC_ERROR_MESSAGE_SEND_ABORTED: Message not sent.
SEC_ERROR_INADEQUATE_KEY_USAGE: Certificate key usage inadequate for attempted operation.
SEC_ERROR_INADEQUATE_CERT_TYPE: Certificate type not approved for application.
SEC_ERROR_CERT_ADDR_MISMATCH: Address in signing certificate does not match address in message headers.
SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN: Unable to import. Error attempting to import certificate chain.
SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME: Unable to export. Unable to locate certificate or key by nickname.
SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY: Unable to export. Private Key could not be located and exported.
SEC_ERROR_PKCS12_UNABLE_TO_WRITE: Unable to export. Unable to write the export file.
SEC_ERROR_PKCS12_UNABLE_TO_READ: Unable to import. Unable to read the import file.
SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED: Unable to export. Key database corrupt or deleted.
SEC_ERROR_KEYGEN_FAIL: Unable to generate public/private key pair.
SEC_ERROR_INVALID_PASSWORD: Password entered is invalid. Please pick a different one.
SEC_ERROR_RETRY_OLD_PASSWORD: Old password entered incorrectly. Please try again.
SEC_ERROR_BAD_NICKNAME: Certificate nickname already in use.
SEC_ERROR_NOT_FORTEZZA_ISSUER: Peer FORTEZZA chain has a non-FORTEZZA Certificate.
SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY: A sensitive key cannot be moved to the slot where it is needed.
SEC_ERROR_JS_INVALID_MODULE_NAME: Invalid module name.
SEC_ERROR_JS_INVALID_DLL: Invalid module path/filename
SEC_ERROR_JS_ADD_MOD_FAILURE: Unable to add module
SEC_ERROR_JS_DEL_MOD_FAILURE: Unable to delete module
SEC_ERROR_OLD_KRL: New KRL is not later than the current one.
SEC_ERROR_CKL_CONFLICT: New CKL has different issuer than current CKL. Delete current CKL.
SEC_ERROR_CERT_NOT_IN_NAME_SPACE: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
SEC_ERROR_KRL_NOT_YET_VALID: The key revocation list for this certificate is not yet valid.
SEC_ERROR_CRL_NOT_YET_VALID: The certificate revocation list for this certificate is not yet valid.
SEC_ERROR_UNKNOWN_CERT: The requested certificate could not be found.
SEC_ERROR_UNKNOWN_SIGNER: The signer’s certificate could not be found.
SEC_ERROR_CERT_BAD_ACCESS_LOCATION: The location for the certificate status server has invalid format.
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE: The OCSP response cannot be fully decoded; it is of an unknown type.
SEC_ERROR_OCSP_BAD_HTTP_RESPONSE: The OCSP server returned unexpected/invalid HTTP data.
SEC_ERROR_OCSP_MALFORMED_REQUEST: The OCSP server found the request to be corrupted or improperly formed.
SEC_ERROR_OCSP_SERVER_ERROR: The OCSP server experienced an internal error.
SEC_ERROR_OCSP_TRY_SERVER_LATER: The OCSP server suggests trying again later.
SEC_ERROR_OCSP_REQUEST_NEEDS_SIG: The OCSP server requires a signature on this request.
SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST: The OCSP server has refused this request as unauthorized.
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS: The OCSP server returned an unrecognizable status.
SEC_ERROR_OCSP_UNKNOWN_CERT: The OCSP server has no status for the certificate.
SEC_ERROR_OCSP_NOT_ENABLED: You must enable OCSP before performing this operation.
SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER: You must set the OCSP default responder before performing this operation.
SEC_ERROR_OCSP_MALFORMED_RESPONSE: The response from the OCSP server was corrupted or improperly formed.
SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE: The signer of the OCSP response is not authorized to give status for this certificate.
SEC_ERROR_OCSP_FUTURE_RESPONSE: The OCSP response is not yet valid (contains a date in the future).
SEC_ERROR_OCSP_OLD_RESPONSE: The OCSP response contains out-of-date information.
SEC_ERROR_DIGEST_NOT_FOUND: The CMS or PKCS #7 Digest was not found in signed message.
SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE: The CMS or PKCS #7 Message type is unsupported.
SEC_ERROR_MODULE_STUCK: PKCS #11 module could not be removed because it is still in use.
SEC_ERROR_BAD_TEMPLATE: Could not decode ASN.1 data. Specified template was invalid.
SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
SEC_ERROR_REUSED_ISSUER_AND_SERIAL: You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
SEC_ERROR_BUSY: NSS could not shutdown. Objects are still in use.
SEC_ERROR_EXTRA_INPUT: DER-encoded message contained extra unused data.
SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: Unsupported elliptic curve.
SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: Unsupported elliptic curve point form.
SEC_ERROR_UNRECOGNIZED_OID: Unrecognized Object Identifier.
SEC_ERROR_OCSP_INVALID_SIGNING_CERT: Invalid OCSP signing certificate in OCSP response.
SEC_ERROR_REVOKED_CERTIFICATE_CRL: Certificate is revoked in issuer’s certificate revocation list.
SEC_ERROR_REVOKED_CERTIFICATE_OCSP: Issuer’s OCSP responder reports certificate is revoked.
SEC_ERROR_CRL_INVALID_VERSION: Issuer’s Certificate Revocation List has an unknown version number.
SEC_ERROR_CRL_V1_CRITICAL_EXTENSION: Issuer’s V1 Certificate Revocation List has a critical extension.
SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION: Issuer’s V2 Certificate Revocation List has an unknown critical extension.
SEC_ERROR_UNKNOWN_OBJECT_TYPE: Unknown object type specified.
SEC_ERROR_INCOMPATIBLE_PKCS11: PKCS #11 driver violates the spec in an incompatible way.
SEC_ERROR_NO_EVENT: No new slot event is available at this time.
SEC_ERROR_CRL_ALREADY_EXISTS: CRL already exists.
SEC_ERROR_NOT_INITIALIZED: NSS is not initialized.
SEC_ERROR_TOKEN_NOT_LOGGED_IN: The operation failed because the PKCS#11 token is not logged in.
SEC_ERROR_OCSP_RESPONDER_CERT_INVALID: Configured OCSP responder’s certificate is invalid.
SEC_ERROR_OCSP_BAD_SIGNATURE: OCSP response has an invalid signature.
SEC_ERROR_OUT_OF_SEARCH_LIMITS: Cert validation search is out of search limits
SEC_ERROR_INVALID_POLICY_MAPPING: Policy mapping contains anypolicy
SEC_ERROR_POLICY_VALIDATION_FAILED: Cert chain fails policy validation
SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE: Unknown location type in cert AIA extension
SEC_ERROR_BAD_HTTP_RESPONSE: Server returned bad HTTP response
SEC_ERROR_BAD_LDAP_RESPONSE: Server returned bad LDAP response
SEC_ERROR_FAILED_TO_ENCODE_DATA: Failed to encode data with ASN1 encoder
SEC_ERROR_BAD_INFO_ACCESS_LOCATION: Bad information access location in cert extension
SEC_ERROR_LIBPKIX_INTERNAL: Libpkix internal error occurred during cert validation.
SEC_ERROR_PKCS11_GENERAL_ERROR: A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
SEC_ERROR_PKCS11_FUNCTION_FAILED: A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.
SEC_ERROR_PKCS11_DEVICE_ERROR: A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.
SEC_ERROR_BAD_INFO_ACCESS_METHOD: Unknown information access method in certificate extension.
SEC_ERROR_CRL_IMPORT_FAILED: Error attempting to import a CRL.
SEC_ERROR_EXPIRED_PASSWORD: The password expired.
SEC_ERROR_LOCKED_PASSWORD: The password is locked.
SEC_ERROR_UNKNOWN_PKCS11_ERROR: Unknown PKCS #11 error.
SEC_ERROR_BAD_CRL_DP_URL: Invalid or unsupported URL in CRL distribution point name.
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: The certificate was signed using a signature algorithm that is disabled because it is not secure.
SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
SEC_ERROR_APPLICATION_CALLBACK_ERROR: The certificate was rejected by extra checks in the application.
PR_OUT_OF_MEMORY_ERROR: Memory allocation attempt failed.
PR_BAD_DESCRIPTOR_ERROR: Invalid file descriptor.
PR_WOULD_BLOCK_ERROR: The operation would have blocked.
PR_ACCESS_FAULT_ERROR: Invalid memory address argument.
PR_INVALID_METHOD_ERROR: Invalid function for file type.
PR_ILLEGAL_ACCESS_ERROR: Invalid memory address argument.
PR_UNKNOWN_ERROR: Some unknown error has occurred.
PR_PENDING_INTERRUPT_ERROR: Operation interrupted by another thread.
PR_NOT_IMPLEMENTED_ERROR: function not implemented.
PR_IO_ERROR: I/O function error.
PR_IO_TIMEOUT_ERROR: I/O operation timed out.
PR_IO_PENDING_ERROR: I/O operation on busy file descriptor.
PR_DIRECTORY_OPEN_ERROR: The directory could not be opened.
PR_INVALID_ARGUMENT_ERROR: Invalid function argument.
PR_ADDRESS_NOT_AVAILABLE_ERROR: Network address not available (in use?).
PR_ADDRESS_NOT_SUPPORTED_ERROR: Network address type not supported.
PR_IS_CONNECTED_ERROR: Already connected.
PR_BAD_ADDRESS_ERROR: Network address is invalid.
PR_ADDRESS_IN_USE_ERROR: Local Network address is in use.
PR_CONNECT_REFUSED_ERROR: Connection refused by peer.
PR_NETWORK_UNREACHABLE_ERROR: Network address is presently unreachable.
PR_CONNECT_TIMEOUT_ERROR: Connection attempt timed out.
PR_NOT_CONNECTED_ERROR: Network file descriptor is not connected.
PR_LOAD_LIBRARY_ERROR: Failure to load dynamic library.
PR_UNLOAD_LIBRARY_ERROR: Failure to unload dynamic library.
PR_FIND_SYMBOL_ERROR: Symbol not found in any of the loaded dynamic libraries.
PR_INSUFFICIENT_RESOURCES_ERROR: Insufficient system resources.
PR_DIRECTORY_LOOKUP_ERROR: A directory lookup on a network address has failed.
PR_TPD_RANGE_ERROR: Attempt to access a TPD key that is out of range.
PR_PROC_DESC_TABLE_FULL_ERROR: Process open FD table is full.
PR_SYS_DESC_TABLE_FULL_ERROR: System open FD table is full.
PR_NOT_SOCKET_ERROR: Network operation attempted on non-network file descriptor.
PR_NOT_TCP_SOCKET_ERROR: TCP-specific function attempted on a non-TCP file descriptor.
PR_SOCKET_ADDRESS_IS_BOUND_ERROR: TCP file descriptor is already bound.
PR_NO_ACCESS_RIGHTS_ERROR: Access Denied.
PR_OPERATION_NOT_SUPPORTED_ERROR: The requested operation is not supported by the platform.
PR_PROTOCOL_NOT_SUPPORTED_ERROR: The host operating system does not support the protocol requested.
PR_REMOTE_FILE_ERROR: Access to the remote file has been severed.
PR_BUFFER_OVERFLOW_ERROR: The value requested is too large to be stored in the data buffer provided.
PR_CONNECT_RESET_ERROR: TCP connection reset by peer.
PR_RANGE_ERROR: Unused.
PR_DEADLOCK_ERROR: The operation would have deadlocked.
PR_FILE_IS_LOCKED_ERROR: The file is already locked.
PR_FILE_TOO_BIG_ERROR: Write would result in file larger than the system allows.
PR_NO_DEVICE_SPACE_ERROR: The device for storing the file is full.
PR_PIPE_ERROR: Unused.
PR_NO_SEEK_DEVICE_ERROR: Unused.
PR_IS_DIRECTORY_ERROR: Cannot perform a normal file operation on a directory.
PR_LOOP_ERROR: Symbolic link loop.
PR_NAME_TOO_LONG_ERROR: File name is too long.
PR_FILE_NOT_FOUND_ERROR: File not found.
PR_NOT_DIRECTORY_ERROR: Cannot perform directory operation on a normal file.
PR_READ_ONLY_FILESYSTEM_ERROR: Cannot write to a read-only file system.
PR_DIRECTORY_NOT_EMPTY_ERROR: Cannot delete a directory that is not empty.
PR_FILESYSTEM_MOUNTED_ERROR: Cannot delete or rename a file object while the file system is busy.
PR_NOT_SAME_DEVICE_ERROR: Cannot rename a file to a file system on another device.
PR_DIRECTORY_CORRUPTED_ERROR: The directory object in the file system is corrupted.
PR_FILE_EXISTS_ERROR: Cannot create or rename a filename that already exists.
PR_MAX_DIRECTORY_ENTRIES_ERROR: Directory is full. No additional filenames may be added.
PR_INVALID_DEVICE_STATE_ERROR: The required device was in an invalid state.
PR_DEVICE_IS_LOCKED_ERROR: The device is locked.
PR_NO_MORE_FILES_ERROR: No more entries in the directory.
PR_END_OF_FILE_ERROR: Encountered end of file.
PR_FILE_SEEK_ERROR: Seek error.
PR_FILE_IS_BUSY_ERROR: The file is busy.
PR_IN_PROGRESS_ERROR: Operation is still in progress (probably a non-blocking connect).
PR_ALREADY_INITIATED_ERROR: Operation has already been initiated (probably a non-blocking connect).
PR_GROUP_EMPTY_ERROR: The wait group is empty.
PR_INVALID_STATE_ERROR: Object state improper for request.
PR_NETWORK_DOWN_ERROR: Network is down.
PR_SOCKET_SHUTDOWN_ERROR: The socket was previously shut down.
PR_CONNECT_ABORTED_ERROR: TCP Connection aborted.
PR_HOST_UNREACHABLE_ERROR: Host is unreachable.
PR_LIBRARY_NOT_LOADED_ERROR: The library is not loaded.
PR_CALL_ONCE_ERROR: The one-time function was previously called and failed. Its error code is no longer available.
PR_MAX_ERROR: Placeholder for the end of the list
SUCCESS: Success
CertVerifyError CertVerifyError(error_message=None, error_code=None, usages=None, log=None) |
NSPRError NSPRError(error_message=None, error_code=None) |
string |
|
PR_ACCESS_FAULT_ERROR = -5997
|
|
PR_ADDRESS_IN_USE_ERROR = -5982
|
|
PR_ADDRESS_NOT_AVAILABLE_ERROR = -5986
|
|
PR_ADDRESS_NOT_SUPPORTED_ERROR = -5985
|
|
PR_ALREADY_INITIATED_ERROR = -5933
|
|
PR_BAD_ADDRESS_ERROR = -5983
|
|
PR_BAD_DESCRIPTOR_ERROR = -5999
|
|
PR_BUFFER_OVERFLOW_ERROR = -5962
|
|
PR_CALL_ONCE_ERROR = -5925
|
|
PR_CONNECT_ABORTED_ERROR = -5928
|
|
PR_CONNECT_REFUSED_ERROR = -5981
|
|
PR_CONNECT_RESET_ERROR = -5961
|
|
PR_CONNECT_TIMEOUT_ERROR = -5979
|
|
PR_DEADLOCK_ERROR = -5959
|
|
PR_DEVICE_IS_LOCKED_ERROR = -5940
|
|
PR_DIRECTORY_CORRUPTED_ERROR = -5944
|
|
PR_DIRECTORY_LOOKUP_ERROR = -5973
|
|
PR_DIRECTORY_NOT_EMPTY_ERROR = -5947
|
|
PR_DIRECTORY_OPEN_ERROR = -5988
|
|
PR_END_OF_FILE_ERROR = -5938
|
|
PR_FILESYSTEM_MOUNTED_ERROR = -5946
|
|
PR_FILE_EXISTS_ERROR = -5943
|
|
PR_FILE_IS_BUSY_ERROR = -5936
|
|
PR_FILE_IS_LOCKED_ERROR = -5958
|
|
PR_FILE_NOT_FOUND_ERROR = -5950
|
|
PR_FILE_SEEK_ERROR = -5937
|
|
PR_FILE_TOO_BIG_ERROR = -5957
|
|
PR_FIND_SYMBOL_ERROR = -5975
|
|
PR_GROUP_EMPTY_ERROR = -5932
|
|
PR_HOST_UNREACHABLE_ERROR = -5927
|
|
PR_ILLEGAL_ACCESS_ERROR = -5995
|
|
PR_INSUFFICIENT_RESOURCES_ERROR = -5974
|
|
PR_INVALID_ARGUMENT_ERROR = -5987
|
|
PR_INVALID_DEVICE_STATE_ERROR = -5941
|
|
PR_INVALID_METHOD_ERROR = -5996
|
|
PR_INVALID_STATE_ERROR = -5931
|
|
PR_IN_PROGRESS_ERROR = -5934
|
|
PR_IO_ERROR = -5991
|
|
PR_IO_PENDING_ERROR = -5989
|
|
PR_IO_TIMEOUT_ERROR = -5990
|
|
PR_IS_CONNECTED_ERROR = -5984
|
|
PR_IS_DIRECTORY_ERROR = -5953
|
|
PR_LIBRARY_NOT_LOADED_ERROR = -5926
|
|
PR_LOAD_LIBRARY_ERROR = -5977
|
|
PR_LOOP_ERROR = -5952
|
|
PR_MAX_DIRECTORY_ENTRIES_ERROR = -5942
|
|
PR_MAX_ERROR = -5924
|
|
PR_NAME_TOO_LONG_ERROR = -5951
|
|
PR_NETWORK_DOWN_ERROR = -5930
|
|
PR_NETWORK_UNREACHABLE_ERROR = -5980
|
|
PR_NOT_CONNECTED_ERROR = -5978
|
|
PR_NOT_DIRECTORY_ERROR = -5949
|
|
PR_NOT_IMPLEMENTED_ERROR = -5992
|
|
PR_NOT_SAME_DEVICE_ERROR = -5945
|
|
PR_NOT_SOCKET_ERROR = -5969
|
|
PR_NOT_TCP_SOCKET_ERROR = -5968
|
|
PR_NO_ACCESS_RIGHTS_ERROR = -5966
|
|
PR_NO_DEVICE_SPACE_ERROR = -5956
|
|
PR_NO_MORE_FILES_ERROR = -5939
|
|
PR_NO_SEEK_DEVICE_ERROR = -5954
|
|
PR_OPERATION_NOT_SUPPORTED_ERROR = -5965
|
|
PR_OUT_OF_MEMORY_ERROR = -6000
|
|
PR_PENDING_INTERRUPT_ERROR = -5993
|
|
PR_PIPE_ERROR = -5955
|
|
PR_PROC_DESC_TABLE_FULL_ERROR = -5971
|
|
PR_PROTOCOL_NOT_SUPPORTED_ERROR = -5964
|
|
PR_RANGE_ERROR = -5960
|
|
PR_READ_ONLY_FILESYSTEM_ERROR = -5948
|
|
PR_REMOTE_FILE_ERROR = -5963
|
|
PR_SOCKET_ADDRESS_IS_BOUND_ERROR = -5967
|
|
PR_SOCKET_SHUTDOWN_ERROR = -5929
|
|
PR_SYS_DESC_TABLE_FULL_ERROR = -5970
|
|
PR_TPD_RANGE_ERROR = -5972
|
|
PR_UNKNOWN_ERROR = -5994
|
|
PR_UNLOAD_LIBRARY_ERROR = -5976
|
|
PR_WOULD_BLOCK_ERROR = -5998
|
|
SEC_ERROR_ADDING_CERT = -8168
|
|
SEC_ERROR_APPLICATION_CALLBACK_ERROR = -8014
|
|
SEC_ERROR_BAD_CRL_DP_URL = -8017
|
|
SEC_ERROR_BAD_DATA = -8190
|
|
SEC_ERROR_BAD_DATABASE = -8174
|
|
SEC_ERROR_BAD_DER = -8183
|
|
SEC_ERROR_BAD_EXPORT_ALGORITHM = -8117
|
|
SEC_ERROR_BAD_HTTP_RESPONSE = -8030
|
|
SEC_ERROR_BAD_INFO_ACCESS_LOCATION = -8027
|
|
SEC_ERROR_BAD_INFO_ACCESS_METHOD = -8022
|
|
SEC_ERROR_BAD_KEY = -8178
|
|
SEC_ERROR_BAD_LDAP_RESPONSE = -8029
|
|
SEC_ERROR_BAD_NICKNAME = -8089
|
|
SEC_ERROR_BAD_PASSWORD = -8177
|
|
SEC_ERROR_BAD_SIGNATURE = -8182
|
|
SEC_ERROR_BAD_TEMPLATE = -8056
|
|
SEC_ERROR_BAGGAGE_NOT_CREATED = -8121
|
|
SEC_ERROR_BUSY = -8053
|
|
SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = -8087
|
|
SEC_ERROR_CA_CERT_INVALID = -8156
|
|
SEC_ERROR_CERT_ADDR_MISMATCH = -8100
|
|
SEC_ERROR_CERT_BAD_ACCESS_LOCATION = -8075
|
|
SEC_ERROR_CERT_NICKNAME_COLLISION = -8124
|
|
SEC_ERROR_CERT_NOT_IN_NAME_SPACE = -8080
|
|
SEC_ERROR_CERT_NOT_VALID = -8164
|
|
SEC_ERROR_CERT_NO_RESPONSE = -8163
|
|
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = -8016
|
|
SEC_ERROR_CERT_USAGES_INVALID = -8154
|
|
SEC_ERROR_CERT_VALID = -8165
|
|
SEC_ERROR_CKL_CONFLICT = -8081
|
|
SEC_ERROR_CRL_ALREADY_EXISTS = -8039
|
|
SEC_ERROR_CRL_BAD_SIGNATURE = -8160
|
|
SEC_ERROR_CRL_EXPIRED = -8161
|
|
SEC_ERROR_CRL_IMPORT_FAILED = -8021
|
|
SEC_ERROR_CRL_INVALID = -8159
|
|
SEC_ERROR_CRL_INVALID_VERSION = -8045
|
|
SEC_ERROR_CRL_NOT_FOUND = -8055
|
|
SEC_ERROR_CRL_NOT_YET_VALID = -8078
|
|
SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = -8043
|
|
SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = -8044
|
|
SEC_ERROR_DECRYPTION_DISALLOWED = -8143
|
|
SEC_ERROR_DIGEST_NOT_FOUND = -8059
|
|
SEC_ERROR_DUPLICATE_CERT = -8170
|
|
SEC_ERROR_DUPLICATE_CERT_NAME = -8169
|
|
SEC_ERROR_EXPIRED_CERTIFICATE = -8181
|
|
SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = -8162
|
|
SEC_ERROR_EXPIRED_PASSWORD = -8020
|
|
SEC_ERROR_EXPORTING_CERTIFICATES = -8116
|
|
SEC_ERROR_EXTENSION_NOT_FOUND = -8157
|
|
SEC_ERROR_EXTENSION_VALUE_INVALID = -8158
|
|
SEC_ERROR_EXTRA_INPUT = -8052
|
|
SEC_ERROR_FAILED_TO_ENCODE_DATA = -8028
|
|
SEC_ERROR_FILING_KEY = -8167
|
|
SEC_ERROR_IMPORTING_CERTIFICATES = -8115
|
|
SEC_ERROR_INADEQUATE_CERT_TYPE = -8101
|
|
SEC_ERROR_INADEQUATE_KEY_USAGE = -8102
|
|
SEC_ERROR_INCOMPATIBLE_PKCS11 = -8041
|
|
SEC_ERROR_INPUT_LEN = -8188
|
|
SEC_ERROR_INVALID_ALGORITHM = -8186
|
|
SEC_ERROR_INVALID_ARGS = -8187
|
|
SEC_ERROR_INVALID_AVA = -8185
|
|
SEC_ERROR_INVALID_KEY = -8152
|
|
SEC_ERROR_INVALID_PASSWORD = -8091
|
|
SEC_ERROR_INVALID_POLICY_MAPPING = -8033
|
|
SEC_ERROR_INVALID_TIME = -8184
|
|
SEC_ERROR_IO = -8192
|
|
SEC_ERROR_JS_ADD_MOD_FAILURE = -8084
|
|
SEC_ERROR_JS_DEL_MOD_FAILURE = -8083
|
|
SEC_ERROR_JS_INVALID_DLL = -8085
|
|
SEC_ERROR_JS_INVALID_MODULE_NAME = -8086
|
|
SEC_ERROR_KEYGEN_FAIL = -8092
|
|
SEC_ERROR_KEY_NICKNAME_COLLISION = -8123
|
|
SEC_ERROR_KRL_BAD_SIGNATURE = -8132
|
|
SEC_ERROR_KRL_EXPIRED = -8133
|
|
SEC_ERROR_KRL_INVALID = -8130
|
|
SEC_ERROR_KRL_NOT_YET_VALID = -8079
|
|
SEC_ERROR_LEGACY_DATABASE = -8015
|
|
SEC_ERROR_LIBPKIX_INTERNAL = -8026
|
|
SEC_ERROR_LIBRARY_FAILURE = -8191
|
|
SEC_ERROR_LOCKED_PASSWORD = -8019
|
|
SEC_ERROR_MESSAGE_SEND_ABORTED = -8103
|
|
SEC_ERROR_MODULE_STUCK = -8057
|
|
SEC_ERROR_NEED_RANDOM = -8129
|
|
SEC_ERROR_NOT_A_RECIPIENT = -8147
|
|
SEC_ERROR_NOT_FORTEZZA_ISSUER = -8088
|
|
SEC_ERROR_NOT_INITIALIZED = -8038
|
|
SEC_ERROR_NO_EMAIL_CERT = -8149
|
|
SEC_ERROR_NO_EVENT = -8040
|
|
SEC_ERROR_NO_KEY = -8166
|
|
SEC_ERROR_NO_KRL = -8134
|
|
SEC_ERROR_NO_MEMORY = -8173
|
|
SEC_ERROR_NO_MODULE = -8128
|
|
SEC_ERROR_NO_NODELOCK = -8175
|
|
SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = -8148
|
|
SEC_ERROR_NO_SLOT_SELECTED = -8125
|
|
SEC_ERROR_NO_TOKEN = -8127
|
|
SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = -8073
|
|
SEC_ERROR_OCSP_BAD_SIGNATURE = -8035
|
|
SEC_ERROR_OCSP_FUTURE_RESPONSE = -8061
|
|
SEC_ERROR_OCSP_INVALID_SIGNING_CERT = -8048
|
|
SEC_ERROR_OCSP_MALFORMED_REQUEST = -8072
|
|
SEC_ERROR_OCSP_MALFORMED_RESPONSE = -8063
|
|
SEC_ERROR_OCSP_NOT_ENABLED = -8065
|
|
SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = -8064
|
|
SEC_ERROR_OCSP_OLD_RESPONSE = -8060
|
|
SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = -8069
|
|
SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = -8036
|
|
SEC_ERROR_OCSP_SERVER_ERROR = -8071
|
|
SEC_ERROR_OCSP_TRY_SERVER_LATER = -8070
|
|
SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = -8068
|
|
SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = -8062
|
|
SEC_ERROR_OCSP_UNKNOWN_CERT = -8066
|
|
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = -8067
|
|
SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = -8074
|
|
SEC_ERROR_OLD_CRL = -8150
|
|
SEC_ERROR_OLD_KRL = -8082
|
|
SEC_ERROR_OUTPUT_LEN = -8189
|
|
SEC_ERROR_OUT_OF_SEARCH_LIMITS = -8034
|
|
SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = -8155
|
|
SEC_ERROR_PKCS11_DEVICE_ERROR = -8023
|
|
SEC_ERROR_PKCS11_FUNCTION_FAILED = -8024
|
|
SEC_ERROR_PKCS11_GENERAL_ERROR = -8025
|
|
SEC_ERROR_PKCS12_CERT_COLLISION = -8106
|
|
SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = -8110
|
|
SEC_ERROR_PKCS12_DECODING_PFX = -8114
|
|
SEC_ERROR_PKCS12_DUPLICATE_DATA = -8104
|
|
SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = -8098
|
|
SEC_ERROR_PKCS12_INVALID_MAC = -8113
|
|
SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = -8093
|
|
SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = -8107
|
|
SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = -8096
|
|
SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = -8099
|
|
SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = -8097
|
|
SEC_ERROR_PKCS12_UNABLE_TO_READ = -8094
|
|
SEC_ERROR_PKCS12_UNABLE_TO_WRITE = -8095
|
|
SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = -8112
|
|
SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = -8109
|
|
SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = -8111
|
|
SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = -8108
|
|
SEC_ERROR_PKCS7_BAD_SIGNATURE = -8145
|
|
SEC_ERROR_PKCS7_KEYALG_MISMATCH = -8146
|
|
SEC_ERROR_POLICY_VALIDATION_FAILED = -8032
|
|
SEC_ERROR_READ_ONLY = -8126
|
|
SEC_ERROR_RETRY_OLD_PASSWORD = -8090
|
|
SEC_ERROR_RETRY_PASSWORD = -8176
|
|
SEC_ERROR_REUSED_ISSUER_AND_SERIAL = -8054
|
|
SEC_ERROR_REVOKED_CERTIFICATE = -8180
|
|
SEC_ERROR_REVOKED_CERTIFICATE_CRL = -8047
|
|
SEC_ERROR_REVOKED_CERTIFICATE_OCSP = -8046
|
|
SEC_ERROR_REVOKED_KEY = -8131
|
|
SEC_ERROR_SAFE_NOT_CREATED = -8122
|
|
SEC_ERROR_TOKEN_NOT_LOGGED_IN = -8037
|
|
SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = -8031
|
|
SEC_ERROR_UNKNOWN_CERT = -8077
|
|
SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = -8151
|
|
SEC_ERROR_UNKNOWN_ISSUER = -8179
|
|
SEC_ERROR_UNKNOWN_OBJECT_TYPE = -8042
|
|
SEC_ERROR_UNKNOWN_PKCS11_ERROR = -8018
|
|
SEC_ERROR_UNKNOWN_SIGNER = -8076
|
|
SEC_ERROR_UNRECOGNIZED_OID = -8049
|
|
SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = -8050
|
|
SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = -8051
|
|
SEC_ERROR_UNSUPPORTED_KEYALG = -8144
|
|
SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = -8058
|
|
SEC_ERROR_UNTRUSTED_CERT = -8171
|
|
SEC_ERROR_UNTRUSTED_ISSUER = -8172
|
|
SEC_ERROR_USER_CANCELLED = -8105
|
|
SEC_INTERNAL_ONLY = -8153
|
|
SSL_ERROR_ACCESS_DENIED_ALERT = -12194
|
|
SSL_ERROR_BAD_BLOCK_PADDING = -12264
|
|
SSL_ERROR_BAD_CERTIFICATE = -12284
|
|
SSL_ERROR_BAD_CERT_ALERT = -12271
|
|
SSL_ERROR_BAD_CERT_DOMAIN = -12276
|
|
SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = -12180
|
|
SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = -12181
|
|
SSL_ERROR_BAD_CLIENT = -12282
|
|
SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = -12201
|
|
SSL_ERROR_BAD_MAC_ALERT = -12272
|
|
SSL_ERROR_BAD_MAC_READ = -12273
|
|
SSL_ERROR_BAD_SERVER = -12281
|
|
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = -12224
|
|
SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = -12183
|
|
SSL_ERROR_CERT_KEA_MISMATCH = -12200
|
|
SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = -12167
|
|
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = -12219
|
|
SSL_ERROR_CLOSE_NOTIFY_ALERT = -12230
|
|
SSL_ERROR_DECODE_ERROR_ALERT = -12193
|
|
SSL_ERROR_DECOMPRESSION_FAILURE = -12177
|
|
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = -12228
|
|
SSL_ERROR_DECRYPTION_FAILED_ALERT = -12197
|
|
SSL_ERROR_DECRYPTION_FAILURE = -12217
|
|
SSL_ERROR_DECRYPT_ERROR_ALERT = -12192
|
|
SSL_ERROR_DIGEST_FAILURE = -12161
|
|
SSL_ERROR_ENCRYPTION_FAILURE = -12218
|
|
SSL_ERROR_EXPIRED_CERT_ALERT = -12269
|
|
SSL_ERROR_EXPORT_ONLY_SERVER = -12288
|
|
SSL_ERROR_EXPORT_RESTRICTION_ALERT = -12191
|
|
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = -12221
|
|
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = -12169
|
|
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = -12170
|
|
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = -12171
|
|
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = -12164
|
|
SSL_ERROR_FORTEZZA_PQG = -12267
|
|
SSL_ERROR_GENERATE_RANDOM_FAILURE = -12223
|
|
SSL_ERROR_HANDSHAKE_FAILURE_ALERT = -12227
|
|
SSL_ERROR_HANDSHAKE_NOT_COMPLETED = -12202
|
|
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = -12229
|
|
SSL_ERROR_ILLEGAL_PARAMETER_ALERT = -12226
|
|
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = -12157
|
|
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = -12160
|
|
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = -12208
|
|
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = -12189
|
|
SSL_ERROR_INTERNAL_ERROR_ALERT = -12188
|
|
SSL_ERROR_INVALID_VERSION_RANGE = -12168
|
|
SSL_ERROR_IV_PARAM_FAILURE = -12209
|
|
SSL_ERROR_MAC_COMPUTATION_FAILURE = -12213
|
|
SSL_ERROR_MD5_DIGEST_FAILURE = -12215
|
|
SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = -12172
|
|
SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = -12159
|
|
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = -12158
|
|
SSL_ERROR_NO_CERTIFICATE = -12285
|
|
SSL_ERROR_NO_CIPHERS_SUPPORTED = -12265
|
|
SSL_ERROR_NO_COMPRESSION_OVERLAP = -12203
|
|
SSL_ERROR_NO_CYPHER_OVERLAP = -12286
|
|
SSL_ERROR_NO_RENEGOTIATION_ALERT = -12186
|
|
SSL_ERROR_NO_SERVER_KEY_FOR_ALG = -12206
|
|
SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = -12199
|
|
SSL_ERROR_POST_WARNING = -12275
|
|
SSL_ERROR_PROTOCOL_VERSION_ALERT = -12190
|
|
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = -12210
|
|
SSL_ERROR_RECORD_OVERFLOW_ALERT = -12196
|
|
SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = -12176
|
|
SSL_ERROR_REVOKED_CERT_ALERT = -12270
|
|
SSL_ERROR_RX_MALFORMED_ALERT = -12250
|
|
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = -12248
|
|
SSL_ERROR_RX_MALFORMED_CERTIFICATE = -12258
|
|
SSL_ERROR_RX_MALFORMED_CERT_REQUEST = -12256
|
|
SSL_ERROR_RX_MALFORMED_CERT_VERIFY = -12254
|
|
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = -12251
|
|
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = -12260
|
|
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = -12253
|
|
SSL_ERROR_RX_MALFORMED_FINISHED = -12252
|
|
SSL_ERROR_RX_MALFORMED_HANDSHAKE = -12249
|
|
SSL_ERROR_RX_MALFORMED_HELLO_DONE = -12255
|
|
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = -12261
|
|
SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = -12166
|
|
SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = -12178
|
|
SSL_ERROR_RX_MALFORMED_SERVER_HELLO = -12259
|
|
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = -12257
|
|
SSL_ERROR_RX_RECORD_TOO_LONG = -12263
|
|
SSL_ERROR_RX_UNEXPECTED_ALERT = -12236
|
|
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = -12234
|
|
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = -12244
|
|
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = -12242
|
|
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = -12163
|
|
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = -12240
|
|
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = -12237
|
|
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = -12246
|
|
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = -12239
|
|
SSL_ERROR_RX_UNEXPECTED_FINISHED = -12238
|
|
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = -12235
|
|
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = -12241
|
|
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = -12247
|
|
SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = -12165
|
|
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = -12179
|
|
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = -12245
|
|
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = -12243
|
|
SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = -12174
|
|
SSL_ERROR_RX_UNKNOWN_ALERT = -12231
|
|
SSL_ERROR_RX_UNKNOWN_HANDSHAKE = -12232
|
|
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = -12233
|
|
SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = -12185
|
|
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = -12220
|
|
SSL_ERROR_SESSION_KEY_GEN_FAILURE = -12207
|
|
SSL_ERROR_SESSION_NOT_FOUND = -12198
|
|
SSL_ERROR_SHA_DIGEST_FAILURE = -12214
|
|
SSL_ERROR_SIGN_HASHES_FAILURE = -12222
|
|
SSL_ERROR_SOCKET_WRITE_FAILURE = -12216
|
|
SSL_ERROR_SSL2_DISABLED = -12274
|
|
SSL_ERROR_SSL_DISABLED = -12268
|
|
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = -12212
|
|
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = -12211
|
|
SSL_ERROR_TOKEN_INSERTION_REMOVAL = -12205
|
|
SSL_ERROR_TOKEN_SLOT_NOT_FOUND = -12204
|
|
SSL_ERROR_TX_RECORD_TOO_LONG = -12262
|
|
SSL_ERROR_UNKNOWN_CA_ALERT = -12195
|
|
SSL_ERROR_UNKNOWN_CIPHER_SUITE = -12266
|
|
SSL_ERROR_UNRECOGNIZED_NAME_ALERT = -12182
|
|
SSL_ERROR_UNSAFE_NEGOTIATION = -12175
|
|
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = -12280
|
|
SSL_ERROR_UNSUPPORTED_CERT_ALERT = -12225
|
|
SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = -12184
|
|
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = -12162
|
|
SSL_ERROR_UNSUPPORTED_VERSION = -12279
|
|
SSL_ERROR_UNUSED_10 = -12278
|
|
SSL_ERROR_UNUSED_5 = -12283
|
|
SSL_ERROR_USER_CANCELED_ALERT = -12187
|
|
SSL_ERROR_US_ONLY_SERVER = -12287
|
|
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = -12173
|
|
SSL_ERROR_WRONG_CERTIFICATE = -12277
|
|
SUCCESS = 0
|
|
XP_JAVA_CERT_NOT_EXISTS_ERROR = -8118
|
|
XP_JAVA_DELETE_PRIVILEGE_ERROR = -8119
|
|
XP_JAVA_REMOVE_PRINCIPAL_ERROR = -8120
|
|
XP_SEC_FORTEZZA_BAD_CARD = -8142
|
|
XP_SEC_FORTEZZA_BAD_PIN = -8136
|
|
XP_SEC_FORTEZZA_MORE_INFO = -8139
|
|
XP_SEC_FORTEZZA_NONE_SELECTED = -8140
|
|
XP_SEC_FORTEZZA_NO_CARD = -8141
|
|
XP_SEC_FORTEZZA_NO_MORE_INFO = -8137
|
|
XP_SEC_FORTEZZA_PERSON_ERROR = -8135
|
|
XP_SEC_FORTEZZA_PERSON_NOT_FOUND = -8138
|
|
_C_API = <capsule object "_C_API" at 0x7f1d0751f1e0>
|
|
__package__ = None
|
Home | Trees | Indices | Help |
---|
Topic: SSL Errors that may be linked to Avast Anti-Track (Read 7488 times)
0 Members and 1 Guest are viewing this topic.
Hi,
I have been getting SSL errors while using Firefox for a few days. After investigation, the cause may be on of the following :
- Agent web’s «HTTPS analysis»
- AntiTrack Premium update (my version is 2.2.453.514)
To clarify the errors I get are : Secure Connection Failed +
- SSL_ERROR_RX_MALFORMED_ALERT (This one got me scared as it made me think it could originate from a malware/virus)
- SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA
- PPR_END_OF_FILE_ERROR[li]
These errors occure only on Firefox, that I have reinstalled from scratch (no error when trying Chrome or Edge). They keep coming up.
However, they stop coming up when I disable the ‘HTTPS analysis’ or AntiTrack.
Regards
Edit : Firefox version 92.0 and some 91.X.X before reinstalling it. Avast full scan reveals nothing with highest sensibility
« Last Edit: September 10, 2021, 05:26:38 PM by Some_dude »
Logged
I’ve been dealing with this issue the past week. Unfortunately I ended up disabling Avast AntiTrack. AT inserts a code in the ‘useragent’ at the end of the string which confuses websites’ «sniffers». At a minimum «Sniffers determine whether you have an up-to-date browser for their site but still let you in. However, most of the time you won’t be able to connect to the site unless you use a User-Agent Switcher which is a Firefox extension.
You’ll get this error: Secure Connection Failed
You can see your user-agent string by going to: https://whatmyuseragent.com/
Here there is no code appended after the browser version:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
If you see a code after ‘Firefox/92.0’ it will disconnect you from most sites. My research leads me to believe that AT is inserting the code.
Logged
I have the same problem. Even the Avast support page does not work. This with Firefox 93.0b3
Only way to stop AntiTrack.
Logged
I ran into the same problem with Anti-Track and Firefox. I found that I would get some sort of SSL error for web pages roughly half the time. Hitting the «Try Again» button would usually work. The problem wasn’t restricted to top-level pages, often other bits that load from their own URLs would fail so web pages with multiple ads would show error messages where half the ads were supposed to be. I didn’t mind the ads not working but when the CSS stylesheets wouldn’t load it made for some pretty ugly web pages.
For now I have Anti-Track disabled and that has fixed the problem. I’m not sure when, if ever, it will get turned back on.
Logged
Hi guys, I forwarded it, let’s see…
Logged
W8.1 [x64] — Avast PremSec 22.7.7366.BC [UI.713] — Firefox ESR 91.11 [NS/uBO/PB] — Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 — Cleanup 22.2 — SecureLine 5.18 — DriverUpdater 22.2 — CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0
I’m with the same problem. Started yesterday after the installation of Avast Anti Track. Firefox open pages with errors like:
Falha na conexão segura
Ocorreu um erro durante uma conexão com forum.avast.com. PR_END_OF_FILE_ERROR
Logged
I’m with the same problem. Started yesterday after the installation of Avast Anti Track. Firefox open pages with errors like:
Falha na conexão segura
Ocorreu um erro durante uma conexão com forum.avast.com. PR_END_OF_FILE_ERROR
Hi,
Please contact support via https://support.avast.com/contact/
Logged
Same problem, latest version installed.
Logged
Logged
Hi,
I’m posting to notify that this problem still occurs with the new Avast update and AntiTrack update.
Regards
Logged
Logged
Hi,
Our developers are still working on this issue. (Workaround — try to refresh the webpage a few times or temporarily disable AntiTrack). We are sorry for the inconvenience.
Logged
Hi, same problem here with Firefox.
With Anti-track work fine. I only need to disable ‘HTTPS analysis’ on Avast Premium Security and the issue disappear.
Regards
Logged
Hi, same problem here with Firefox.
With Anti-track work fine. I only need to disable ‘HTTPS analysis’ on Avast Premium Security and the issue disappear.
Regards
Hi,
Can you clarify if you are getting errors for all the sites on Firefox?
Could you provide us with examples of websites you were accessing and screenshots of the errors, please?
Logged
I’m having the same problem with SSL errors. I’ve just bought this program and am very unhappy its not working properly. Looks like Avast has dudded me my money.
Please dont tell me to use the Support app as I try to install as admin, it asks permission then doesnt work, I cant see a process start up for it either. I’ve dled it several times.
Logged
Description of problem: I cannot submit a bug to bugzilla. ABRT says: --- Running report_Bugzilla --- Logging into Bugzilla at https://bugzilla.redhat.com fatal: XML-RPC(-504): libcurl failed to execute the HTTP POST transaction, explaining: SSL connect error (exited with 1) Version-Release number of selected component (if applicable): abrt-2.0.7-4.fc17.x86_64 libcurl-7.24.0-1.fc17.x86_64 How reproducible: 100% (I tried 3 times, same error each time) Steps to Reproduce: 1. Try to submit an ABRT bug to bugzilla. 2. 3.
Very likely a nss or curl problem: using 'xmlrpc' from http://koji.fedoraproject.org/koji/buildinfo?buildID=322409 gives with nss-3.13.4-3.fc17.x86_64, curl-7.24.0-2.fc17.x86_64: ---- $ XMLRPC_TRACE_CURL=1 xmlrpc https://bugzilla.redhat.com/ x * About to connect() to proxy www-cache port 3128 (#0) * Trying 192.168.8.193... * Connected to www-cache (192.168.8.193) port 3128 (#0) * Connected to www-cache (192.168.8.193) port 3128 (#0) * Establish HTTP proxy tunnel to bugzilla.redhat.com:443 > CONNECT bugzilla.redhat.com:443 HTTP/1.1 Host: bugzilla.redhat.com:443 Proxy-Connection: Keep-Alive Content-Type: text/xml User-Agent: Xmlrpc-c/1.29.3 Curl/7.24.0 < HTTP/1.0 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=bugzilla.redhat.com,OU=Information Technology,O=Red Hat Inc,L=Raleigh,ST=North Carolina,C=US,serialNumber=bcTlha1YkNcz9-M0vAzRilv01xaCkiRQ * start date: Jan 31 18:26:47 2011 GMT * expire date: Mar 04 23:43:36 2013 GMT * common name: bugzilla.redhat.com * issuer: CN=GeoTrust SSL CA,O="GeoTrust, Inc.",C=US * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12250 (SSL_ERROR_RX_MALFORMED_ALERT) * Closing connection #0 --- The second CAfile/CApath line (which does not appear in plain curl -v https://bugzilla.redhat.com/ ) indicates that there happens some TLS renegotiation or so. Same xmlrpc-c on a RHEL6.2 machine (nss-3.13.1-7.el6_2.i686, curl-7.19.7-26.el6_1.2.x86_64): --- * Proxy replied OK to CONNECT request * Initializing NSS with certpath: /etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: CN=bugzilla.redhat.com,OU=Information Technology,O=Red Hat Inc,L=Raleigh,ST=North Carolina,C=US,serialNumber=bcTlha1YkNcz9-M0vAzRilv01xaCkiRQ * start date: Jan 31 18:26:47 2011 GMT * expire date: Mar 04 23:43:36 2013 GMT * common name: bugzilla.redhat.com * issuer: CN=GeoTrust SSL CA,O="GeoTrust, Inc.",C=US * Connected to www-cache (192.168.8.193) port 3128 (#0) > POST / HTTP/1.1 Host: bugzilla.redhat.com Accept: */* Content-Type: text/xml User-Agent: Xmlrpc-c/1.29.3 Curl/7.19.7 ---
Reassigning to curl because this seems to happen only, when communication goes through a proxy: | $ https_proxy= MALLOC_PERTURB_= XMLRPC_TRACE_CURL=1 ./xmlrpc https://www.google.com x | | * About to connect() to www.google.com port 443 (#0) | * Trying 173.194.69.103... | ... | * issuer: CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA | > POST / HTTP/1.1 | Host: www.google.com | $ https_proxy=http://www-cache:3128 MALLOC_PERTURB_= XMLRPC_TRACE_CURL=1 ./xmlrpc https://www.google.com x | * About to connect() to proxy www-cache port 3128 (#0) | * Trying 192.168.8.193... | ... | * issuer: CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA | * NSS error -12250 (SSL_ERROR_RX_MALFORMED_ALERT)
minimal example: ---- #include <curl/curl.h> int main(int argc, char *argv[]) { CURL *e = curl_easy_init(); CURLM *m = curl_multi_init(); int r; curl_easy_setopt(e, CURLOPT_URL, argv[1]); curl_easy_setopt(e, CURLOPT_VERBOSE, 1L); curl_multi_add_handle(m, e); do { curl_multi_perform(m, &r); } while (r > 0); return r; } ----
Thanks for the reproducer! It looks like curl tries to initiate a SSL handshake on a socket with an already established SSL connection. git-bisect points to the following commit: https://github.com/bagder/curl/commit/3c18b38
fixed in curl-7.26.0-3.fc18
sorry, I meant curl-7.26.0-4.fc18
Package curl-7.24.0-4.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing curl-7.24.0-4.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9214/curl-7.24.0-4.fc17 then log in and leave karma (feedback).
curl-7.24.0-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |
При открытии сайтов в браузере иногда возникают ошибки – домен в адресной строке выделяется красным с зачеркиванием или ресурс вообще не открывается. Типовая причина скрывается в сбоях работы сертификата SSL. Исправить их может только администратор сайта, но перед обращением к нему стоит проверить собственный компьютер.
Что такое SSL
Текущие тенденции сайтостроения предполагают высокую безопасность соединения пользователя с веб-ресурсом. Это необходимо для защиты персональных данных, секретных номеров банковских карт и информации о проводимых сделках. Организуется безопасность подключением протокола шифрования Secure Sockets Layer (сокращенно SSL).
Особенности сертификата:
- Сертификат выпускается доверенным центром Certification Authority (CA).
- После выдачи он подключается к домену средствами провайдера хостинга.
- Срок его действия ограничен 1 годом, после чего требуется продление.
Работа сайта возможна и без SSL, но поисковые системы «не доверяют» таким ресурсам и помечают их в браузере как неблагонадежные. Поэтому лучше разобраться, как решить проблему с защитой и полноценно пользоваться протоколом HTTPS. Сертификат актуален на сайтах, где присутствует регистрация, предлагается покупка товаров или онлайн-оплата различных сервисов.
При появлении любых сомнений в исправности защиты регистрироваться на сайте или вводить ранее выданные логин и пароль не рекомендуется. Тем более не стоит осуществлять онлайн-оплату с банковских карт или электронных кошельков, ведь не исключено, что проблема возникла из-за взлома ресурса злоумышленниками.
Комьюнити теперь в Телеграм
Подпишитесь и будьте в курсе последних IT-новостей
Подписаться
Причины появления ошибок SSL
Существует всего две причины, почему браузер отображает ошибку сертификата SSL со стороны сервера. Первая заключается в окончании срока активации, вторая – это покупка сертификата у поставщика без достаточных полномочий для выдачи «полноценной защиты». Например, виной может быть выбор самоподписанного сертификата, лишь эмулирующего работу реального протокола.
Остальные проблемы обычно скрываются на локальном компьютере:
- Произошел сброс системного времени.
- Неправильно настроена антивирусная программа.
- Сбоит браузер или установленное расширение.
- Срабатывает вредоносный скрипт.
Чтобы выяснить настоящую причину, пользователю браузера рекомендуется проверить все перечисленные факторы. При том же заражении компьютерными вирусами возможно проявление сразу нескольких симптомов – от изменения текущего времени и блокировки антивирусом до подключения перенаправления страниц в браузере и других неприятностей.
Изредка встречаются ситуации, когда проблема возникла со стороны администратора, если он ошибся при подключении нового сертификата или забыл продлить его действие. Обычно такие неполадки устраняются быстро, потому что после активации сайт проверяется и, в случае неработоспособности сертификата, проводится повторное подключение вплоть до получения положительного результата.
Время и дата
Сертификат SSL имеет четко обозначенный срок действия с датой активации и деактивации. Такой подход отчасти дает дополнительную защиту, потому что в случае технического сбоя в системных часах компьютера сайты перестают открываться. Сброс времени обычно происходит «назад», на дату изготовления материнской платы, на что и реагирует система.
Варианты исправления ситуации:
- Вручную внести корректную дату и время, после чего обновить страницу в браузере.
- Воспользоваться функцией синхронизации через интернет, встроенной в Windows.
- Заменить батарейку на памяти BIOS. При первом запуске ПК нужно внести корректные данные.
Каждый раз после изменения времени рекомендуется ручное обновление страницы или перезапуск браузера. Такой шаг активирует повторное соединение с сервером и позволяет зайти на сайт «с нуля», но уже с правильным временем, соответствующим сроку действия сертификата SSL (после активации и до ее завершения).
Настройки антивируса и брандмауэра
Программы для защиты компьютера от вирусов и хакерских атак иногда блокируют и «полезные» соединения, например, определенные домены или сразу весь протокол HTTPS, используемый при подключении сертификата SSL. Большинство антивирусов и брандмауэров проверяют его работу, и это становится причиной блокировки сайта как «злоумышленника, пытающего украсть данные».
Варианты исправления ситуации:
- Отключить режим «проверка протокола HTTPS». После этого зайти на сайт заново.
- Полностью выключить антивирусную программу. Перезагрузить ПК, открыть страницу.
- Сбросить настройки брандмауэра. Опять проводится перезапуск компьютера и веб-ресурса.
Функция временного отключения имеется в любой защитной программе, даже интегрированной в операционную систему Windows. Но это не гарантирует полную деактивацию приложения. В этом случае разобраться в ситуации поможет открытие сайта на другом компьютере или запуск безопасного режима (актуально для проводного подключения к интернету).
Браузер и операционная система
Наличие проблемы с браузером проще всего определить открытием сайта на другом устройстве или в другой программе. Иногда решение заключается в банальном обновлении версии приложения до актуальной. То же относится к операционной системе, если используется интегрированный браузер вроде Edge. Пакеты обновлений для того и выпускаются, чтобы устранять неполадки в ПО.
Варианты исправления ситуации:
- Полностью очистить историю браузера вместе с кэшем и другими данными.
- Временно отключить все ранее установленные и активные расширения.
- Переустановить программу после ее полной деинсталляции.
Остается еще один вариант – сбросить настройки браузера до состояния «по умолчанию». Способ аналогичен переустановке, но экономит время. Правда, он неэффективен, если проблема возникла из-за сбоя в одном из служебных файлов программы. Отдельное внимание стоит уделить расширению, выполняющему функции антивирусной защиты, ведь оно часто блокирует даже безопасное соединение.
Заражение компьютерными вирусами
Выдачей ошибки SSL браузер, вероятно, предупреждает о попытке его подмены, переадресации на сайт-клон или иной угрозе. В это случае рекомендуется провести полную проверку компьютера на наличие вирусов. Если присутствуют другие признаки заражения, стоит скачать парочку программ со свежими антивирусными базами (например, CureIt).
Варианты исправления ситуации:
- Временно отключить все программы из автозагрузки.
- Провести очистку диска от временных файлов.
- Перезагрузить компьютер после предыдущих шагов.
Выполняются перечисленные действия программами типа CCleaner. Они дают прямой доступ как к автозагрузке операционной системе, так и к списку расширений установленных браузеров. Также в таких программах обычно есть функция удаления ненужных системных файлов, в которых запросто может быть тело компьютерного вируса.
Если предложенные способы устранения ошибки SSL не помогли, остается ждать, пока проблему устранит администратор, или воспользоваться любым другим тематическим сайтом с аналогичным контентом.