SSL Reference Manual

comma-separated list of certificate errors which HP NonStop SSL should ignore. The error numbers are defined

in the OpenSSL sources used for HP NonStop SSL (see Considerations).

Considerations

• Warning: The usage of this parameter may compromise the security of your configuration. Use only as

workaround and with care.

• The parameter can be changed at run time using SSLCOM, please see chapter "SSLCOM Command Interface

for details.

The following table lists error numbers and names as defined in the OpenSSL sources:

Error Name Error number

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2

X509_V_ERR_UNABLE_TO_GET_CRL 3

X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4

X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5

X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6

X509_V_ERR_CERT_SIGNATURE_FAILURE 7

X509_V_ERR_CRL_SIGNATURE_FAILURE 8

X509_V_ERR_CERT_NOT_YET_VALID 9

X509_V_ERR_CERT_HAS_EXPIRED 10

X509_V_ERR_CRL_NOT_YET_VALID 11

X509_V_ERR_CRL_HAS_EXPIRED 12

X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13

X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14

X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15

X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16

X509_V_ERR_OUT_OF_MEM 17

X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18

X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20

X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21

X509_V_ERR_CERT_CHAIN_TOO_LONG 22

X509_V_ERR_CERT_REVOKED 23

X509_V_ERR_INVALID_CA 24

X509_V_ERR_PATH_LENGTH_EXCEEDED 25

X509_V_ERR_INVALID_PURPOSE 26

X509_V_ERR_CERT_UNTRUSTED 27

X509_V_ERR_CERT_REJECTED 28

X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29

X509_V_ERR_AKID_SKID_MISMATCH 30

X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31

X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32

X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33

X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34

36 • Configuration HP NonStop SSL Reference Manual