1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This file intentionally does not have header guards, it's included
6// inside a macro to generate enum values. The following line silences a
7// presubmit warning that would otherwise be triggered by this:
8// no-include-guard-because-multiply-included
9
10// This is the list of CertStatus flags and their values.
11//
12// Defines the values using a macro CERT_STATUS_FLAG,
13// so it can be expanded differently in some places
14
15// The possible status bits for CertStatus.
16// Bits 0 to 15 are for errors.
17CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0)
18CERT_STATUS_FLAG(DATE_INVALID, 1 << 1)
19CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2)
20// 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP).
21CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4)
22CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5)
23CERT_STATUS_FLAG(REVOKED, 1 << 6)
24CERT_STATUS_FLAG(INVALID, 1 << 7)
25CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8)
26// 1 << 9 was used for CERT_STATUS_NOT_IN_DNS
27CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10)
28CERT_STATUS_FLAG(WEAK_KEY, 1 << 11)
29// 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY
30CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13)
31CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14)
32CERT_STATUS_FLAG(VALIDITY_TOO_LONG, 1 << 15)
33
34// Bits 16 to 23 are for non-error statuses.
35CERT_STATUS_FLAG(IS_EV, 1 << 16)
36CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17)
37// Bit 18 was CERT_STATUS_IS_DNSSEC
38CERT_STATUS_FLAG(SHA1_SIGNATURE_PRESENT, 1 << 19)
39CERT_STATUS_FLAG(CT_COMPLIANCE_FAILED, 1 << 20)
40
41// Bits 24 - 31 are for errors.
42CERT_STATUS_FLAG(CERTIFICATE_TRANSPARENCY_REQUIRED, 1 << 24)
43CERT_STATUS_FLAG(SYMANTEC_LEGACY, 1 << 25)
44