/*
* Heirloom mailx - a mail user agent derived from Berkeley Mail.
*
* Copyright (c) 2000-2005 Gunnar Ritter, Freiburg i. Br., Germany.
*/
/*
* Generated from
* <http://www.mozilla.org/projects/nspr/reference/html/prerr.html#26127>.
*
* The contents of this file are subject to the Mozilla Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License
* at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*/
/* "@(#)nsserr.c 1.3 (gritter) 3/4/06" */
#include <sslerr.h>
#include <secerr.h>
static const char *
nss_strerror(int ec)
{
const char *cp;
static char eb[30];
switch (ec) {
default:
snprintf(eb, sizeof eb, "Unknown error %d", ec);
cp = eb;
break;
case SSL_ERROR_EXPORT_ONLY_SERVER:
cp = "Unable to communicate securely. Peer does not support high-grade encryption";
break;
case SSL_ERROR_US_ONLY_SERVER:
cp = "Unable to communicate securely. Peer requires high-grade encryption which is not supported";
break;
case SSL_ERROR_NO_CYPHER_OVERLAP:
cp = "Cannot communicate securely with peer: no common encryption algorithm(s)";
break;
case SSL_ERROR_NO_CERTIFICATE:
cp = "Unable to find the certificate or key necessary for authentication";
break;
case SSL_ERROR_BAD_CERTIFICATE:
cp = "Unable to communicate securely with peer: peers's certificate was rejected";
break;
case SSL_ERROR_BAD_CLIENT:
cp = "The server has encountered bad data from the client";
break;
case SSL_ERROR_BAD_SERVER:
cp = "The client has encountered bad data from the server";
break;
case SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE:
cp = "Unsupported certificate type";
break;
case SSL_ERROR_UNSUPPORTED_VERSION:
cp = "Peer using unsupported version of security protocol";
break;
case SSL_ERROR_WRONG_CERTIFICATE:
cp = "Client authentication failed: private key in key database does not correspond to public key in certificate database";
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
cp = "Unable to communicate securely with peer: requested domain name does not match the server's certificate";
break;
case SSL_ERROR_POST_WARNING:
cp = "(unused)";
break;
case SSL_ERROR_SSL2_DISABLED:
cp = "Peer only supports SSL version 2, which is locally disabled";
break;
case SSL_ERROR_BAD_MAC_READ:
cp = "SSL received a record with an incorrect Message Authentication Code";
break;
case SSL_ERROR_BAD_MAC_ALERT:
cp = "SSL peer reports incorrect Message Authentication Code";
break;
case SSL_ERROR_BAD_CERT_ALERT:
cp = "SSL peer cannot verify your certificate";
break;
case SSL_ERROR_REVOKED_CERT_ALERT:
cp = "SSL peer rejected your certificate as revoked";
break;
case SSL_ERROR_EXPIRED_CERT_ALERT:
cp = "SSL peer rejected your certificate as expired";
break;
case SSL_ERROR_SSL_DISABLED:
cp = "Cannot connect: SSL is disabled";
break;
case SSL_ERROR_FORTEZZA_PQG:
cp = "Cannot connect: SSL peer is in another FORTEZZA domain";
break;
case SSL_ERROR_UNKNOWN_CIPHER_SUITE:
cp = "An unknown SSL cipher suite has been requested";
break;
case SSL_ERROR_NO_CIPHERS_SUPPORTED:
cp = "No cipher suites are present and enabled in this program";
break;
case SSL_ERROR_BAD_BLOCK_PADDING:
cp = "SSL received a record with bad block padding";
break;
case SSL_ERROR_RX_RECORD_TOO_LONG:
cp = "SSL received a record that exceeded the maximum permissible length";
break;
case SSL_ERROR_TX_RECORD_TOO_LONG:
cp = "SSL attempted to send a record that exceeded the maximum permissible length";
break;
case SSL_ERROR_CLOSE_NOTIFY_ALERT:
cp = "SSL peer has closed this connection";
break;
case SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED:
cp = "SSL Server attempted to use domestic-grade public key with export cipher suite";
break;
case SSL_ERROR_NO_SERVER_KEY_FOR_ALG:
cp = "Server has no key for the attempted key exchange algorithm";
break;
case SSL_ERROR_TOKEN_INSERTION_REMOVAL:
cp = "PKCS #11 token was inserted or removed while operation was in progress";
break;
case SSL_ERROR_TOKEN_SLOT_NOT_FOUND:
cp = "No PKCS#11 token could be found to do a required operation";
break;
case SSL_ERROR_NO_COMPRESSION_OVERLAP:
cp = "Cannot communicate securely with peer: no common compression algorithm(s)";
break;
case SSL_ERROR_HANDSHAKE_NOT_COMPLETED:
cp = "Cannot initiate another SSL handshake until current handshake is complete";
break;
case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE:
cp = "Received incorrect handshakes hash values from peer";
break;
case SSL_ERROR_CERT_KEA_MISMATCH:
cp = "The certificate provided cannot be used with the selected key exchange algorithm";
break;
case SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA:
cp = "No certificate authority is trusted for SSL client authentication";
break;
case SSL_ERROR_SESSION_NOT_FOUND:
cp = "Client's SSL session ID not found in server's session cache";
break;
case SSL_ERROR_RX_MALFORMED_HELLO_REQUEST:
cp = "SSL received a malformed Hello Request handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CLIENT_HELLO:
cp = "SSL received a malformed Client Hello handshake message";
break;
case SSL_ERROR_RX_MALFORMED_SERVER_HELLO:
cp = "SSL received a malformed Server Hello handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CERTIFICATE:
cp = "SSL received a malformed Certificate handshake message";
break;
case SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH:
cp = "SSL received a malformed Server Key Exchange handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CERT_REQUEST:
cp = "SSL received a malformed Certificate Request handshake message";
break;
case SSL_ERROR_RX_MALFORMED_HELLO_DONE:
cp = "SSL received a malformed Server Hello Done handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CERT_VERIFY:
cp = "SSL received a malformed Certificate Verify handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH:
cp = "SSL received a malformed Client Key Exchange handshake message";
break;
case SSL_ERROR_RX_MALFORMED_FINISHED:
cp = "SSL received a malformed Finished handshake message";
break;
case SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER:
cp = "SSL received a malformed Change Cipher Spec record";
break;
case SSL_ERROR_RX_MALFORMED_ALERT:
cp = "SSL received a malformed Alert record";
break;
case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
cp = "SSL received a malformed Handshake record";
break;
case SSL_ERROR_RX_MALFORMED_APPLICATION_DATA:
cp = "SSL received a malformed Application Data record";
break;
case SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST:
cp = "SSL received an unexpected Hello Request handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO:
cp = "SSL received an unexpected Client Hello handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO:
cp = "SSL received an unexpected Server Hello handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CERTIFICATE:
cp = "SSL received an unexpected Certificate handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH:
cp = "SSL received an unexpected Server Key Exchange handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST:
cp = "SSL received an unexpected Certificate Request handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_HELLO_DONE:
cp = "SSL received an unexpected Server Hello Done handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY:
cp = "SSL received an unexpected Certificate Verify handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH:
cp = "SSL received an unexpected Client Key Exchange handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_FINISHED:
cp = "SSL received an unexpected Finished handshake message";
break;
case SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER:
cp = "SSL received an unexpected Change Cipher Spec record";
break;
case SSL_ERROR_RX_UNEXPECTED_ALERT:
cp = "SSL received an unexpected Alert record";
break;
case SSL_ERROR_RX_UNEXPECTED_HANDSHAKE:
cp = "SSL received an unexpected Handshake record";
break;
case SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA:
cp = "SSL received an unexpected Application Data record";
break;
case SSL_ERROR_RX_UNKNOWN_RECORD_TYPE:
cp = "SSL received a record with an unknown content type";
break;
case SSL_ERROR_RX_UNKNOWN_HANDSHAKE:
cp = "SSL received a handshake message with an unknown message type";
break;
case SSL_ERROR_RX_UNKNOWN_ALERT:
cp = "SSL received an alert record with an unknown alert description";
break;
case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
cp = "SSL peer was not expecting a handshake message it received";
break;
case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT:
cp = "SSL peer was unable to successfully decompress an SSL record it received";
break;
case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
cp = "SSL peer was unable to negotiate an acceptable set of security parameters";
break;
case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
cp = "SSL peer rejected a handshake message for unacceptable content";
break;
case SSL_ERROR_UNSUPPORTED_CERT_ALERT:
cp = "SSL peer does not support certificates of the type it received";
break;
case SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT:
cp = "SSL peer had some unspecified issue with the certificate it received";
break;
case SSL_ERROR_DECRYPTION_FAILED_ALERT:
cp = "Peer was unable to decrypt an SSL record it received";
break;
case SSL_ERROR_RECORD_OVERFLOW_ALERT:
cp = "Peer received an SSL record that was longer than is permitted";
break;
case SSL_ERROR_UNKNOWN_CA_ALERT:
cp = "Peer does not recognize and trust the CA that issued your certificate";
break;
case SSL_ERROR_ACCESS_DENIED_ALERT:
cp = "Peer received a valid certificate, but access was denied";
break;
case SSL_ERROR_DECODE_ERROR_ALERT:
cp = "Peer could not decode an SSL handshake message";
break;
case SSL_ERROR_DECRYPT_ERROR_ALERT:
cp = "Peer reports failure of signature verification or key exchange";
break;
case SSL_ERROR_EXPORT_RESTRICTION_ALERT:
cp = "Peer reports negotiation not in compliance with export regulations";
break;
case SSL_ERROR_PROTOCOL_VERSION_ALERT:
cp = "Peer reports incompatible or unsupported protocol version";
break;
case SSL_ERROR_INSUFFICIENT_SECURITY_ALERT:
cp = "Server requires ciphers more secure than those supported by client";
break;
case SSL_ERROR_INTERNAL_ERROR_ALERT:
cp = "Peer reports it experienced an internal error";
break;
case SSL_ERROR_USER_CANCELED_ALERT:
cp = "Peer user canceled handshake";
break;
case SSL_ERROR_NO_RENEGOTIATION_ALERT:
cp = "Peer does not permit renegotiation of SSL security parameters";
break;
case SSL_ERROR_GENERATE_RANDOM_FAILURE:
cp = "SSL experienced a failure of its random number generator";
break;
case SSL_ERROR_SIGN_HASHES_FAILURE:
cp = "Unable to digitally sign data required to verify your certificate";
break;
case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE:
cp = "SSL was unable to extract the public key from the peer's certificate";
break;
case SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE:
cp = "Unspecified failure while processing SSL Server Key Exchange handshake";
break;
case SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE:
cp = "Unspecified failure while processing SSL Client Key Exchange handshake";
break;
case SSL_ERROR_ENCRYPTION_FAILURE:
cp = "Bulk data encryption algorithm failed in selected cipher suite";
break;
case SSL_ERROR_DECRYPTION_FAILURE:
cp = "Bulk data decryption algorithm failed in selected cipher suite";
break;
case SSL_ERROR_MD5_DIGEST_FAILURE:
cp = "MD5 digest function failed";
break;
case SSL_ERROR_SHA_DIGEST_FAILURE:
cp = "SHA-1 digest function failed";
break;
case SSL_ERROR_MAC_COMPUTATION_FAILURE:
cp = "Message Authentication Code computation failed";
break;
case SSL_ERROR_SYM_KEY_CONTEXT_FAILURE:
cp = "Failure to create Symmetric Key context";
break;
case SSL_ERROR_SYM_KEY_UNWRAP_FAILURE:
cp = "Failure to unwrap the Symmetric key in Client Key Exchange message";
break;
case SSL_ERROR_IV_PARAM_FAILURE:
cp = "PKCS11 code failed to translate an IV into a param";
break;
case SSL_ERROR_INIT_CIPHER_SUITE_FAILURE:
cp = "Failed to initialize the selected cipher suite";
break;
case SSL_ERROR_SOCKET_WRITE_FAILURE:
cp = "Attempt to write encrypted data to underlying socket failed";
break;
case SSL_ERROR_SESSION_KEY_GEN_FAILURE:
cp = "Failed to generate session keys for SSL session";
break;
case SEC_ERROR_IO:
cp = "An I/O error occurred during authentication";
break;
case SEC_ERROR_LIBRARY_FAILURE:
cp = "Security library failure";
break;
case SEC_ERROR_BAD_DATA:
cp = "Security library: received bad data";
break;
case SEC_ERROR_OUTPUT_LEN:
cp = "Security library: output length error";
break;
case SEC_ERROR_INPUT_LEN:
cp = "Security library: input length error";
break;
case SEC_ERROR_INVALID_ARGS:
cp = "Security library: invalid arguments";
break;
case SEC_ERROR_INVALID_ALGORITHM:
cp = "Security library: invalid algorithm";
break;
case SEC_ERROR_INVALID_AVA:
cp = "Security library: invalid AVA";
break;
case SEC_ERROR_INVALID_TIME:
cp = "Security library: invalid time";
break;
case SEC_ERROR_BAD_DER:
cp = "Security library: improperly formatted DER-encoded message";
break;
case SEC_ERROR_BAD_SIGNATURE:
cp = "Peer's certificate has an invalid signature";
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
cp = "Peer's certificate has expired";
break;
case SEC_ERROR_REVOKED_CERTIFICATE:
cp = "Peer's certificate has been revoked";
break;
case SEC_ERROR_UNKNOWN_ISSUER:
cp = "Peer's certificate issuer is not recognized";
break;
case SEC_ERROR_BAD_KEY:
cp = "Peer's public key is invalid";
break;
case SEC_ERROR_BAD_PASSWORD:
cp = "The password entered is incorrect";
break;
case SEC_ERROR_RETRY_PASSWORD:
cp = "New password entered incorrectly";
break;
case SEC_ERROR_NO_NODELOCK:
cp = "Security library: no nodelock";
break;
case SEC_ERROR_BAD_DATABASE:
cp = "Security library: bad database";
break;
case SEC_ERROR_NO_MEMORY:
cp = "Security library: memory allocation failure";
break;
case SEC_ERROR_UNTRUSTED_ISSUER:
cp = "Peer's certificate issuer has been marked as not trusted by the";
break;
case SEC_ERROR_UNTRUSTED_CERT:
cp = "Peer's certificate has been marked as not trusted by the user";
break;
case SEC_ERROR_DUPLICATE_CERT:
cp = "Certificate already exists in your database";
break;
case SEC_ERROR_DUPLICATE_CERT_NAME:
cp = "Downloaded certificate's name duplicates one already in your";
break;
case SEC_ERROR_ADDING_CERT:
cp = "Error adding certificate to database";
break;
case SEC_ERROR_FILING_KEY:
cp = "Error refiling the key for this certificate";
break;
case SEC_ERROR_NO_KEY:
cp = "The private key for this certificate cannot be found in key";
break;
case SEC_ERROR_CERT_VALID:
cp = "This certificate is valid";
break;
case SEC_ERROR_CERT_NOT_VALID:
cp = "This certificate is not valid";
break;
case SEC_ERROR_CERT_NO_RESPONSE:
cp = "Certificate library: no response";
break;
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
cp = "The certificate issuer's certificate has expired";
break;
case SEC_ERROR_CRL_EXPIRED:
cp = "The CRL for the certificate's issuer has expired";
break;
case SEC_ERROR_CRL_BAD_SIGNATURE:
cp = "The CRL for the certificate's issuer has an invalid signature";
break;
case SEC_ERROR_CRL_INVALID:
cp = "New CRL has an invalid format";
break;
case SEC_ERROR_EXTENSION_VALUE_INVALID:
cp = "Certificate extension value is invalid";
break;
case SEC_ERROR_EXTENSION_NOT_FOUND:
cp = "Certificate extension not found";
break;
case SEC_ERROR_CA_CERT_INVALID:
cp = "Issuer certificate is invalid";
break;
case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
cp = "Certificate path length constraint is invalid";
break;
case SEC_ERROR_CERT_USAGES_INVALID:
cp = "Certificate usages field is invalid";
break;
case SEC_INTERNAL_ONLY:
cp = "Internal-only module";
break;
case SEC_ERROR_INVALID_KEY:
cp = "The key does not support the requested operation";
break;
case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
cp = "Certificate contains unknown critical extension";
break;
case SEC_ERROR_OLD_CRL:
cp = "New CRL is not later than the current one";
break;
case SEC_ERROR_NO_EMAIL_CERT:
cp = "Not encrypted or signed: you do not yet have an email certificate";
break;
case SEC_ERROR_NO_RECIPIENT_CERTS_QUERY:
cp = "Not encrypted: you do not have certificates for each of the";
break;
case SEC_ERROR_NOT_A_RECIPIENT:
cp = "Cannot decrypt: you are not a recipient, or matching certificate";
break;
case SEC_ERROR_PKCS7_KEYALG_MISMATCH:
cp = "Cannot decrypt: key encryption algorithm does not match your";
break;
case SEC_ERROR_PKCS7_BAD_SIGNATURE:
cp = "Signature verification failed: no signer found, too many signers";
break;
case SEC_ERROR_UNSUPPORTED_KEYALG:
cp = "Unsupported or unknown key algorithm";
break;
case SEC_ERROR_DECRYPTION_DISALLOWED:
cp = "Cannot decrypt: encrypted using a disallowed algorithm or key size";
break;
#ifdef notdef
case XP_EC_FORTEZZA_BAD_CARD:
cp = "FORTEZZA card has not been properly initialized";
break;
case XP_EC_FORTEZZA_NO_CARD:
cp = "No FORTEZZA cards found";
break;
case XP_EC_FORTEZZA_NONE_SELECTED:
cp = "No FORTEZZA card selected";
break;
case XP_EC_FORTEZZA_MORE_INFO:
cp = "Please select a personality to get more info on";
break;
case XP_EC_FORTEZZA_PERSON_NOT_FOUND:
cp = "Personality not found";
break;
case XP_EC_FORTEZZA_NO_MORE_INFO:
cp = "No more information on that personality";
break;
case XP_EC_FORTEZZA_BAD_PIN:
cp = "Invalid PIN";
break;
case XP_EC_FORTEZZA_PERSON_ERROR:
cp = "Couldn't initialize FORTEZZA personalities";
break;
#endif /* notdef */
case SEC_ERROR_NO_KRL:
cp = "No KRL for this site's certificate has been found";
break;
case SEC_ERROR_KRL_EXPIRED:
cp = "The KRL for this site's certificate has expired";
break;
case SEC_ERROR_KRL_BAD_SIGNATURE:
cp = "The KRL for this site's certificate has an invalid signature";
break;
case SEC_ERROR_REVOKED_KEY:
cp = "The key for this site's certificate has been revoked";
break;
case SEC_ERROR_KRL_INVALID:
cp = "New KRL has an invalid format";
break;
case SEC_ERROR_NEED_RANDOM:
cp = "Security library: need random data";
break;
case SEC_ERROR_NO_MODULE:
cp = "Security library: no security module can perform the requested";
break;
case SEC_ERROR_NO_TOKEN:
cp = "The security card or token does not exist, needs to be";
break;
case SEC_ERROR_READ_ONLY:
cp = "Security library: read-only database";
break;
case SEC_ERROR_NO_SLOT_SELECTED:
cp = "No slot or token was selected";
break;
case SEC_ERROR_CERT_NICKNAME_COLLISION:
cp = "A certificate with the same nickname already exists";
break;
case SEC_ERROR_KEY_NICKNAME_COLLISION:
cp = "A key with the same nickname already exists";
break;
case SEC_ERROR_SAFE_NOT_CREATED:
cp = "Error while creating safe object";
break;
case SEC_ERROR_BAGGAGE_NOT_CREATED:
cp = "Error while creating baggage object";
break;
#ifdef notdef
case XP_AVA_REMOVE_PRINCIPAL_ERROR:
cp = "Couldn't remove the principal";
break;
case XP_AVA_DELETE_PRIVILEGE_ERROR:
cp = "Couldn't delete the privilege";
break;
case XP_AVA_CERT_NOT_EXISTS_ERROR:
cp = "This principal doesn't have a certificate";
break;
#endif /* notdef */
case SEC_ERROR_BAD_EXPORT_ALGORITHM:
cp = "Required algorithm is not allowed";
break;
case SEC_ERROR_EXPORTING_CERTIFICATES:
cp = "Error attempting to export certificates";
break;
case SEC_ERROR_IMPORTING_CERTIFICATES:
cp = "Error attempting to import certificates";
break;
case SEC_ERROR_PKCS12_DECODING_PFX:
cp = "Unable to import. Decoding error. File not valid";
break;
case SEC_ERROR_PKCS12_INVALID_MAC:
cp = "Unable to import. Invalid MAC. Incorrect password or corrupt file";
break;
case SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM:
cp = "Unable to import. MAC algorithm not supported";
break;
case SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE:
cp = "Unable to import. Only password integrity and privacy modes";
break;
case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
cp = "Unable to import. File structure is corrupt";
break;
case SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM:
cp = "Unable to import. Encryption algorithm not supported";
break;
case SEC_ERROR_PKCS12_UNSUPPORTED_VERSION:
cp = "Unable to import. File version not supported";
break;
case SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT:
cp = "Unable to import. Incorrect privacy password";
break;
case SEC_ERROR_PKCS12_CERT_COLLISION:
cp = "Unable to import. Same nickname already exists in database";
break;
case SEC_ERROR_USER_CANCELLED:
cp = "The user clicked cancel";
break;
case SEC_ERROR_PKCS12_DUPLICATE_DATA:
cp = "Not imported, already in database";
break;
case SEC_ERROR_MESSAGE_SEND_ABORTED:
cp = "Message not sent";
break;
case SEC_ERROR_INADEQUATE_KEY_USAGE:
cp = "Certificate key usage inadequate for attempted operation";
break;
case SEC_ERROR_INADEQUATE_CERT_TYPE:
cp = "Certificate type not approved for application";
break;
case SEC_ERROR_CERT_ADDR_MISMATCH:
cp = "Address in signing certificate does not match address in message";
break;
case SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY:
cp = "Unable to import. Error attempting to import private key";
break;
case SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN:
cp = "Unable to import. Error attempting to import certificate chain";
break;
case SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME:
cp = "Unable to export. Unable to locate certificate or key by nickname";
break;
case SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY:
cp = "Unable to export. Private key could not be located and exported";
break;
case SEC_ERROR_PKCS12_UNABLE_TO_WRITE:
cp = "Unable to export. Unable to write the export file";
break;
case SEC_ERROR_PKCS12_UNABLE_TO_READ:
cp = "Unable to import. Unable to read the import file";
break;
case SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED:
cp = "Unable to export. Key database corrupt or deleted";
break;
case SEC_ERROR_KEYGEN_FAIL:
cp = "Unable to generate public-private key pair";
break;
case SEC_ERROR_INVALID_PASSWORD:
cp = "Password entered is invalid";
break;
case SEC_ERROR_RETRY_OLD_PASSWORD:
cp = "Old password entered incorrectly";
break;
case SEC_ERROR_BAD_NICKNAME:
cp = "Certificate nickname already in use";
break;
case SEC_ERROR_NOT_FORTEZZA_ISSUER:
cp = "Peer FORTEZZA chain has a non-FORTEZZA Certificate";
break;
case SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY:
cp = "A sensitive key cannot be moved to the slot where it is needed";
break;
case SEC_ERROR_JS_INVALID_MODULE_NAME:
cp = "Invalid module name";
break;
case SEC_ERROR_JS_INVALID_DLL:
cp = "Invalid module path/filename";
break;
case SEC_ERROR_JS_ADD_MOD_FAILURE:
cp = "Unable to add module";
break;
case SEC_ERROR_JS_DEL_MOD_FAILURE:
cp = "Unable to delete module";
break;
case SEC_ERROR_OLD_KRL:
cp = "New KRL is not later than the current one";
break;
case SEC_ERROR_CKL_CONFLICT:
cp = "New CKL has different issuer than current CKL";
break;
case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
cp = "Certificate issuer is not permitted to issue a certificate with";
break;
case SEC_ERROR_KRL_NOT_YET_VALID:
cp = "The key revocation list for this certificate is not yet valid";
break;
case SEC_ERROR_CRL_NOT_YET_VALID:
cp = "The certificate revocation list for this certificate is not yet valid";
break;
case SEC_ERROR_UNKNOWN_CERT:
cp = "The requested certificate could not be found";
break;
case SEC_ERROR_UNKNOWN_SIGNER:
cp = "The signer's certificate could not be found";
break;
case SEC_ERROR_CERT_BAD_ACCESS_LOCATION:
cp = "The location for the certificate status server has invalid format";
break;
case SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE:
cp = "The OCSP response cannot be fully decoded; it is of an unknown type";
break;
case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE:
cp = "The OCSP server returned unexpected/invalid HTTP data";
break;
case SEC_ERROR_OCSP_MALFORMED_REQUEST:
cp = "The OCSP server found the request to be corrupted or improperly formed";
break;
case SEC_ERROR_OCSP_SERVER_ERROR:
cp = "The OCSP server experienced an internal error";
break;
case SEC_ERROR_OCSP_TRY_SERVER_LATER:
cp = "The OCSP server suggests trying again later";
break;
case SEC_ERROR_OCSP_REQUEST_NEEDS_SIG:
cp = "The OCSP server requires a signature on this request";
break;
case SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST:
cp = "The OCSP server has refused this request as unauthorized";
break;
case SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS:
cp = "The OCSP server returned an unrecognizable status";
break;
case SEC_ERROR_OCSP_UNKNOWN_CERT:
cp = "The OCSP server has no status for the certificate";
break;
case SEC_ERROR_OCSP_NOT_ENABLED:
cp = "You must enable OCSP before performing this operation";
break;
case SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER:
cp = "You must set the OCSP default responder before performing this operation";
break;
case SEC_ERROR_OCSP_MALFORMED_RESPONSE:
cp = "The response from the OCSP server was corrupted or improperly formed";
break;
case SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE:
cp = "The signer of the OCSP response is not authorized to give status for this certificate";
break;
case SEC_ERROR_OCSP_FUTURE_RESPONSE:
cp = "The OCSP response is not yet valid (contains a date in the future)";
break;
case SEC_ERROR_OCSP_OLD_RESPONSE:
cp = "The OCSP response contains out-of-date information";
break;
case SEC_ERROR_DIGEST_NOT_FOUND:
cp = "The CMS or PKCS #7 Digest was not found in signed message";
break;
case SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE:
cp = "The CMS or PKCS #7 Message type is unsupported";
break;
case SEC_ERROR_MODULE_STUCK:
cp = "PKCS #11 module could not be removed because it is still in use";
break;
case SEC_ERROR_BAD_TEMPLATE:
cp = "Could not decode ASN.1 data. Specified template was invalid";
break;
case SEC_ERROR_CRL_NOT_FOUND:
cp = "No matching CRL was found";
break;
case SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
cp = "You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert";
break;
case SEC_ERROR_BUSY:
cp = "NSS could not shutdown. Objects are still in use";
break;
case SEC_ERROR_EXTRA_INPUT:
cp = "DER-encoded message contained extra usused data";
break;
case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
cp = "Unsupported elliptic curve";
break;
case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
cp = "Unsupported elliptic curve point form";
break;
case SEC_ERROR_UNRECOGNIZED_OID:
cp = "Unrecognized Object IDentifier";
break;
case SEC_ERROR_OCSP_INVALID_SIGNING_CERT:
cp = "Invalid OCSP signing certificate in OCSP response";
break;
#ifdef notdef
case SEC_ERROR_REVOKED_CERTIFICATE_CRL:
cp = "Certificate is revoked in issuer's certificate revocation list";
break;
case SEC_ERROR_REVOKED_CERTIFICATE_OCSP:
cp = "Issuer's OCSP responder reports certificate is revoked";
break;
case SEC_ERROR_CRL_INVALID_VERSION:
cp = "Issuer's Certificate Revocation List has an unknown version number";
break;
case SEC_ERROR_CRL_V1_CRITICAL_EXTENSION:
cp = "Issuer's V1 Certificate Revocation List has a critical extension";
break;
case SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION:
cp = "Issuer's V2 Certificate Revocation List has an unknown critical extension";
break;
#endif /* notdef */
}
return cp;
}