OpenSSL Error Codes

Error codes from the OpenSSL TLS/SSL library. Includes SSL_get_error() return values (used to interpret non-blocking I/O results), X.509 certificate verification errors, and TLS alert codes sent between peers.

References

https://www.openssl.org/docs/man3.0/man3/SSL_get_error.html
https://www.openssl.org/docs/man3.0/man3/X509_STORE_CTX_get_error.html
https://www.rfc-editor.org/rfc/rfc8446#section-6

59 codes

SSL_ERROR_NONE No error
SSL_ERROR_SSL SSL library error
SSL_ERROR_SYSCALL System call error
SSL_ERROR_WANT_ACCEPT Want accept
SSL_ERROR_WANT_CONNECT Want connect
SSL_ERROR_WANT_READ Want read
SSL_ERROR_WANT_WRITE Want write
SSL_ERROR_ZERO_RETURN Connection closed
TLS_access_denied Access denied
TLS_bad_certificate Bad certificate
TLS_bad_certificate_status_response Bad certificate status response
TLS_bad_record_mac Bad record MAC
TLS_certificate_expired Certificate expired
TLS_certificate_required Certificate required
TLS_certificate_revoked Certificate revoked
TLS_certificate_unknown Certificate unknown
TLS_close_notify Close notify
TLS_decode_error Decode error
TLS_decrypt_error Decrypt error
TLS_decryption_failed_RESERVED Decryption failed (reserved)
TLS_handshake_failure Handshake failure
TLS_illegal_parameter Illegal parameter
TLS_inappropriate_fallback Inappropriate fallback
TLS_insufficient_security Insufficient security
TLS_internal_error Internal error
TLS_missing_extension Missing extension
TLS_no_application_protocol No application protocol
TLS_protocol_version Protocol version
TLS_record_overflow Record overflow
TLS_unexpected_message Unexpected message
TLS_unknown_ca Unknown CA
TLS_unrecognized_name Unrecognised name
TLS_unsupported_certificate Unsupported certificate
TLS_unsupported_extension Unsupported extension
TLS_user_canceled User cancelled
X509_V_ERR_CERT_CHAIN_TOO_LONG Certificate chain too long
X509_V_ERR_CERT_HAS_EXPIRED Certificate has expired
X509_V_ERR_CERT_NOT_YET_VALID Certificate not yet valid
X509_V_ERR_CERT_REJECTED Certificate rejected
X509_V_ERR_CERT_REVOKED Certificate revoked
X509_V_ERR_CERT_UNTRUSTED Certificate not trusted
X509_V_ERR_CRL_HAS_EXPIRED CRL has expired
X509_V_ERR_CRL_NOT_YET_VALID CRL not yet valid
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT Self-signed certificate
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD Invalid notAfter field
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD Invalid notBefore field
X509_V_ERR_HOSTNAME_MISMATCH Hostname mismatch
X509_V_ERR_INVALID_CA Invalid CA certificate
X509_V_ERR_INVALID_PURPOSE Invalid certificate purpose
X509_V_ERR_IP_ADDRESS_MISMATCH IP address mismatch
X509_V_ERR_KEYUSAGE_NO_CERTSIGN Key usage no cert sign
X509_V_ERR_NO_EXPLICIT_POLICY No explicit policy
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN Self-signed certificate in chain
X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH Signature algorithm mismatch
X509_V_ERR_UNABLE_TO_GET_CRL Unable to get CRL
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT Unable to get issuer certificate
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Unable to get local issuer certificate
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE Unable to verify leaf signature
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION Unhandled critical extension