Re: cryptic error messages (was: Re: mozilla can't connect to some https-sites)

Mon, 29 Oct 2001 19:42:41 -0800 

Robert Joop wrote:
> 
> On 01-10-24 05:46:48 CEST, Nelson B. Bolyard wrote:
> > > with mozilla 0.9.5 i get "an unknown SSL error (-8101)",
> >
> > Well, first of all, you should be getting a better error message than that.
> > Error code -8101 is not a new error code.  PSM should recognize it.
> 
> yes, the error messages leave a little to be desired, here are two more:
> 
> i get
> "You cannot connect to <FQDN> because of an unknown SSL error (-12269)"
> when i use an expired client certificate.
> 
> i get
> "You cannot connect to <FQDN> because of an unknown SSL error (-12227)"
> when i press cancel when asked for a client certificate.
> 
> rj


For future reference ...

error numbers in the range [-12k .. -11K] are SSL errors.
Their values and symbolic names are defined in 
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/sslerr.h
and the suggested ASCII English strings for those errors are in
http://lxr.mozilla.org/mozilla/source/security/nss/cmd/lib/SSLerrs.h#37

error numbers in the range [-8k .. -7k] are NSS ("SEC") errors.
Their values and symbolic names are defined in 
http://lxr.mozilla.org/mozilla/source/security/nss/lib/util/secerr.h#38
and the suggested ASCII English strings for those errors are in
http://lxr.mozilla.org/mozilla/source/security/nss/cmd/lib/SECerrs.h#37

error numbers in the range [-6000 .. -5001] are NSPR errors.
Their values and symbolic names are defined in 
http://lxr.mozilla.org/mozilla/source/nsprpub/pr/include/prerr.h#44
and the suggested ASCII English strings for those errors are in
http://lxr.mozilla.org/mozilla/source/security/nss/cmd/lib/NSPRerrs.h#33

If my arithmetic is correct, -12269 == -12288 + 19 
                                    == -12k   + 19
                                    == SSL_ERROR_BASE + 19
                                    == SSL_ERROR_EXPIRED_CERT_ALERT
          "SSL peer rejected your certificate as expired."
see http://lxr.mozilla.org/mozilla/source/security/nss/cmd/lib/SSLerrs.h#94

and -12227 == -12288 + 61
           == SSL_ERROR_BASE + 61
           == SSL_ERROR_HANDSHAKE_FAILURE_ALERT
"SSL peer was unable to negotiate an acceptable set of security parameters."
(this is a generic handshake failure, which can occur for many reasons.)
see http://lxr.mozilla.org/mozilla/source/security/nss/cmd/lib/SSLerrs.h#240

--
Nelson Bolyard               Netscape
Disclaimer:                  I speak for myself, not for Netscape

Reply via email to