1// Copyright (c) 2010 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This file intentionally does not have header guards, it's included
6// inside a macro to generate enum.
7
8// This file contains the list of network errors.
9
10//
11// Ranges:
12//     0- 99 System related errors
13//   100-199 Connection related errors
14//   200-299 Certificate errors
15//   300-399 HTTP errors
16//   400-499 Cache errors
17//   500-599 ?
18//   600-699 FTP errors
19//   700-799 Certificate manager errors
20//
21
22// An asynchronous IO operation is not yet complete.  This usually does not
23// indicate a fatal error.  Typically this error will be generated as a
24// notification to wait for some external notification that the IO operation
25// finally completed.
26NET_ERROR(IO_PENDING, -1)
27
28// A generic failure occurred.
29NET_ERROR(FAILED, -2)
30
31// An operation was aborted (due to user action).
32NET_ERROR(ABORTED, -3)
33
34// An argument to the function is incorrect.
35NET_ERROR(INVALID_ARGUMENT, -4)
36
37// The handle or file descriptor is invalid.
38NET_ERROR(INVALID_HANDLE, -5)
39
40// The file or directory cannot be found.
41NET_ERROR(FILE_NOT_FOUND, -6)
42
43// An operation timed out.
44NET_ERROR(TIMED_OUT, -7)
45
46// The file is too large.
47NET_ERROR(FILE_TOO_BIG, -8)
48
49// An unexpected error.  This may be caused by a programming mistake or an
50// invalid assumption.
51NET_ERROR(UNEXPECTED, -9)
52
53// Permission to access a resource, other than the network, was denied.
54NET_ERROR(ACCESS_DENIED, -10)
55
56// The operation failed because of unimplemented functionality.
57NET_ERROR(NOT_IMPLEMENTED, -11)
58
59// There were not enough resources to complete the operation.
60NET_ERROR(INSUFFICIENT_RESOURCES, -12)
61
62// Memory allocation failed.
63NET_ERROR(OUT_OF_MEMORY, -13)
64
65// The file upload failed because the file's modification time was different
66// from the expectation.
67NET_ERROR(UPLOAD_FILE_CHANGED, -14)
68
69// The socket is not connected.
70NET_ERROR(SOCKET_NOT_CONNECTED, -15)
71
72// A connection was closed (corresponding to a TCP FIN).
73NET_ERROR(CONNECTION_CLOSED, -100)
74
75// A connection was reset (corresponding to a TCP RST).
76NET_ERROR(CONNECTION_RESET, -101)
77
78// A connection attempt was refused.
79NET_ERROR(CONNECTION_REFUSED, -102)
80
81// A connection timed out as a result of not receiving an ACK for data sent.
82// This can include a FIN packet that did not get ACK'd.
83NET_ERROR(CONNECTION_ABORTED, -103)
84
85// A connection attempt failed.
86NET_ERROR(CONNECTION_FAILED, -104)
87
88// The host name could not be resolved.
89NET_ERROR(NAME_NOT_RESOLVED, -105)
90
91// The Internet connection has been lost.
92NET_ERROR(INTERNET_DISCONNECTED, -106)
93
94// An SSL protocol error occurred.
95NET_ERROR(SSL_PROTOCOL_ERROR, -107)
96
97// The IP address or port number is invalid (e.g., cannot connect to the IP
98// address 0 or the port 0).
99NET_ERROR(ADDRESS_INVALID, -108)
100
101// The IP address is unreachable.  This usually means that there is no route to
102// the specified host or network.
103NET_ERROR(ADDRESS_UNREACHABLE, -109)
104
105// The server requested a client certificate for SSL client authentication.
106NET_ERROR(SSL_CLIENT_AUTH_CERT_NEEDED, -110)
107
108// A tunnel connection through the proxy could not be established.
109NET_ERROR(TUNNEL_CONNECTION_FAILED, -111)
110
111// No SSL protocol versions are enabled.
112NET_ERROR(NO_SSL_VERSIONS_ENABLED, -112)
113
114// The client and server don't support a common SSL protocol version or
115// cipher suite.
116NET_ERROR(SSL_VERSION_OR_CIPHER_MISMATCH, -113)
117
118// The server requested a renegotiation (rehandshake).
119NET_ERROR(SSL_RENEGOTIATION_REQUESTED, -114)
120
121// The proxy requested authentication (for tunnel establishment) with an
122// unsupported method.
123NET_ERROR(PROXY_AUTH_UNSUPPORTED, -115)
124
125// During SSL renegotiation (rehandshake), the server sent a certificate with
126// an error.
127//
128// Note: this error is not in the -2xx range so that it won't be handled as a
129// certificate error.
130NET_ERROR(CERT_ERROR_IN_SSL_RENEGOTIATION, -116)
131
132// The SSL handshake failed because of a bad or missing client certificate.
133NET_ERROR(BAD_SSL_CLIENT_AUTH_CERT, -117)
134
135// A connection attempt timed out.
136NET_ERROR(CONNECTION_TIMED_OUT, -118)
137
138// There are too many pending DNS resolves, so a request in the queue was
139// aborted.
140NET_ERROR(HOST_RESOLVER_QUEUE_TOO_LARGE, -119)
141
142// Failed establishing a connection to the SOCKS proxy server for a target host.
143NET_ERROR(SOCKS_CONNECTION_FAILED, -120)
144
145// The SOCKS proxy server failed establishing connection to the target host
146// because that host is unreachable.
147NET_ERROR(SOCKS_CONNECTION_HOST_UNREACHABLE, -121)
148
149// The request to negotiate an alternate protocol failed.
150NET_ERROR(NPN_NEGOTIATION_FAILED, -122)
151
152// The peer sent an SSL no_renegotiation alert message.
153NET_ERROR(SSL_NO_RENEGOTIATION, -123)
154
155// Winsock sometimes reports more data written than passed.  This is probably
156// due to a broken LSP.
157NET_ERROR(WINSOCK_UNEXPECTED_WRITTEN_BYTES, -124)
158
159// An SSL peer sent us a fatal decompression_failure alert. This typically
160// occurs when a peer selects DEFLATE compression in the mistaken belief that
161// it supports it.
162NET_ERROR(SSL_DECOMPRESSION_FAILURE_ALERT, -125)
163
164// An SSL peer sent us a fatal bad_record_mac alert. This has been observed
165// from servers with buggy DEFLATE support.
166NET_ERROR(SSL_BAD_RECORD_MAC_ALERT, -126)
167
168// The proxy requested authentication (for tunnel establishment).
169NET_ERROR(PROXY_AUTH_REQUESTED, -127)
170
171// A known TLS strict server didn't offer the renegotiation extension.
172NET_ERROR(SSL_UNSAFE_NEGOTIATION, -128)
173
174// The SSL server attempted to use a weak ephemeral Diffie-Hellman key.
175NET_ERROR(SSL_WEAK_SERVER_EPHEMERAL_DH_KEY, -129)
176
177// Could not create a connection to the proxy server. An error occurred
178// either in resolving its name, or in connecting a socket to it.
179// Note that this does NOT include failures during the actual "CONNECT" method
180// of an HTTP proxy.
181NET_ERROR(PROXY_CONNECTION_FAILED, -130)
182
183// Free: 131
184
185// We detected an ESET product intercepting our HTTPS connections. Since these
186// products are False Start intolerant, we return this error so that we can
187// give the user a helpful error message rather than have the connection hang.
188NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132)
189
190// We've hit the max socket limit for the socket pool while preconnecting.  We
191// don't bother trying to preconnect more sockets.
192NET_ERROR(PRECONNECT_MAX_SOCKET_LIMIT, -133)
193
194// The permission to use the SSL client certificate's private key was denied.
195NET_ERROR(SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED, -134)
196
197// The SSL client certificate has no private key.
198NET_ERROR(SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY, -135)
199
200// The certificate presented by the HTTPS Proxy was invalid.
201NET_ERROR(PROXY_CERTIFICATE_INVALID, -136)
202
203// An error occurred when trying to do a name resolution (DNS).
204NET_ERROR(NAME_RESOLUTION_FAILED, -137)
205
206// Permission to access the network was denied. This is used to distinguish
207// errors that were most likely caused by a firewall from other access denied
208// errors. See also ERR_ACCESS_DENIED.
209NET_ERROR(NETWORK_ACCESS_DENIED, -138)
210
211// The request throttler module cancelled this request to avoid DDOS.
212NET_ERROR(TEMPORARILY_THROTTLED, -139)
213
214// A request to create an SSL tunnel connection through the HTTPS proxy
215// received a non-200 (OK) and non-407 (Proxy Auth) response.  The response
216// body might include a description of why the request failed.
217NET_ERROR(HTTPS_PROXY_TUNNEL_RESPONSE, -140)
218
219// We were unable to sign the CertificateVerify data of an SSL client auth
220// handshake with the client certificate's private key.
221//
222// Possible causes for this include the user implicitly or explicitly
223// denying access to the private key, the private key may not be valid for
224// signing, the key may be relying on a cached handle which is no longer
225// valid, or the CSP won't allow arbitrary data to be signed.
226NET_ERROR(SSL_CLIENT_AUTH_SIGNATURE_FAILED, -141)
227
228// The message was too large for the transport.  (for example a UDP message
229// which exceeds size threshold).
230NET_ERROR(MSG_TOO_BIG, -142)
231
232// Certificate error codes
233//
234// The values of certificate error codes must be consecutive.
235
236// The server responded with a certificate whose common name did not match
237// the host name.  This could mean:
238//
239// 1. An attacker has redirected our traffic to his server and is
240//    presenting a certificate for which he knows the private key.
241//
242// 2. The server is misconfigured and responding with the wrong cert.
243//
244// 3. The user is on a wireless network and is being redirected to the
245//    network's login page.
246//
247// 4. The OS has used a DNS search suffix and the server doesn't have
248//    a certificate for the abbreviated name in the address bar.
249//
250NET_ERROR(CERT_COMMON_NAME_INVALID, -200)
251
252// The server responded with a certificate that, by our clock, appears to
253// either not yet be valid or to have expired.  This could mean:
254//
255// 1. An attacker is presenting an old certificate for which he has
256//    managed to obtain the private key.
257//
258// 2. The server is misconfigured and is not presenting a valid cert.
259//
260// 3. Our clock is wrong.
261//
262NET_ERROR(CERT_DATE_INVALID, -201)
263
264// The server responded with a certificate that is signed by an authority
265// we don't trust.  The could mean:
266//
267// 1. An attacker has substituted the real certificate for a cert that
268//    contains his public key and is signed by his cousin.
269//
270// 2. The server operator has a legitimate certificate from a CA we don't
271//    know about, but should trust.
272//
273// 3. The server is presenting a self-signed certificate, providing no
274//    defense against active attackers (but foiling passive attackers).
275//
276NET_ERROR(CERT_AUTHORITY_INVALID, -202)
277
278// The server responded with a certificate that contains errors.
279// This error is not recoverable.
280//
281// MSDN describes this error as follows:
282//   "The SSL certificate contains errors."
283// NOTE: It's unclear how this differs from ERR_CERT_INVALID. For consistency,
284// use that code instead of this one from now on.
285//
286NET_ERROR(CERT_CONTAINS_ERRORS, -203)
287
288// The certificate has no mechanism for determining if it is revoked.  In
289// effect, this certificate cannot be revoked.
290NET_ERROR(CERT_NO_REVOCATION_MECHANISM, -204)
291
292// Revocation information for the security certificate for this site is not
293// available.  This could mean:
294//
295// 1. An attacker has compromised the private key in the certificate and is
296//    blocking our attempt to find out that the cert was revoked.
297//
298// 2. The certificate is unrevoked, but the revocation server is busy or
299//    unavailable.
300//
301NET_ERROR(CERT_UNABLE_TO_CHECK_REVOCATION, -205)
302
303// The server responded with a certificate has been revoked.
304// We have the capability to ignore this error, but it is probably not the
305// thing to do.
306NET_ERROR(CERT_REVOKED, -206)
307
308// The server responded with a certificate that is invalid.
309// This error is not recoverable.
310//
311// MSDN describes this error as follows:
312//   "The SSL certificate is invalid."
313//
314NET_ERROR(CERT_INVALID, -207)
315
316// The server responded with a certificate that is signed using a weak
317// signature algorithm.
318NET_ERROR(CERT_WEAK_SIGNATURE_ALGORITHM, -208)
319
320// The domain has CERT records which are tagged as being an exclusive list of
321// valid fingerprints. But the certificate presented was not in this list.
322NET_ERROR(CERT_NOT_IN_DNS, -209)
323
324// The host name specified in the certificate is not unique.
325NET_ERROR(CERT_NON_UNIQUE_NAME, -210)
326
327// Add new certificate error codes here.
328//
329// Update the value of CERT_END whenever you add a new certificate error
330// code.
331
332// The value immediately past the last certificate error code.
333NET_ERROR(CERT_END, -211)
334
335// The URL is invalid.
336NET_ERROR(INVALID_URL, -300)
337
338// The scheme of the URL is disallowed.
339NET_ERROR(DISALLOWED_URL_SCHEME, -301)
340
341// The scheme of the URL is unknown.
342NET_ERROR(UNKNOWN_URL_SCHEME, -302)
343
344// Attempting to load an URL resulted in too many redirects.
345NET_ERROR(TOO_MANY_REDIRECTS, -310)
346
347// Attempting to load an URL resulted in an unsafe redirect (e.g., a redirect
348// to file:// is considered unsafe).
349NET_ERROR(UNSAFE_REDIRECT, -311)
350
351// Attempting to load an URL with an unsafe port number.  These are port
352// numbers that correspond to services, which are not robust to spurious input
353// that may be constructed as a result of an allowed web construct (e.g., HTTP
354// looks a lot like SMTP, so form submission to port 25 is denied).
355NET_ERROR(UNSAFE_PORT, -312)
356
357// The server's response was invalid.
358NET_ERROR(INVALID_RESPONSE, -320)
359
360// Error in chunked transfer encoding.
361NET_ERROR(INVALID_CHUNKED_ENCODING, -321)
362
363// The server did not support the request method.
364NET_ERROR(METHOD_NOT_SUPPORTED, -322)
365
366// The response was 407 (Proxy Authentication Required), yet we did not send
367// the request to a proxy.
368NET_ERROR(UNEXPECTED_PROXY_AUTH, -323)
369
370// The server closed the connection without sending any data.
371NET_ERROR(EMPTY_RESPONSE, -324)
372
373// The headers section of the response is too large.
374NET_ERROR(RESPONSE_HEADERS_TOO_BIG, -325)
375
376// The PAC requested by HTTP did not have a valid status code (non-200).
377NET_ERROR(PAC_STATUS_NOT_OK, -326)
378
379// The evaluation of the PAC script failed.
380NET_ERROR(PAC_SCRIPT_FAILED, -327)
381
382// The response was 416 (Requested range not satisfiable) and the server cannot
383// satisfy the range requested.
384NET_ERROR(REQUEST_RANGE_NOT_SATISFIABLE, -328)
385
386// The identity used for authentication is invalid.
387NET_ERROR(MALFORMED_IDENTITY, -329)
388
389// Content decoding of the response body failed.
390NET_ERROR(CONTENT_DECODING_FAILED, -330)
391
392// An operation could not be completed because all network IO
393// is suspended.
394NET_ERROR(NETWORK_IO_SUSPENDED, -331)
395
396// FLIP data received without receiving a SYN_REPLY on the stream.
397NET_ERROR(SYN_REPLY_NOT_RECEIVED, -332)
398
399// Converting the response to target encoding failed.
400NET_ERROR(ENCODING_CONVERSION_FAILED, -333)
401
402// The server sent an FTP directory listing in a format we do not understand.
403NET_ERROR(UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT, -334)
404
405// Attempted use of an unknown SPDY stream id.
406NET_ERROR(INVALID_SPDY_STREAM, -335)
407
408// There are no supported proxies in the provided list.
409NET_ERROR(NO_SUPPORTED_PROXIES, -336)
410
411// There is a SPDY protocol framing error.
412NET_ERROR(SPDY_PROTOCOL_ERROR, -337)
413
414// Credentials could not be established during HTTP Authentication.
415NET_ERROR(INVALID_AUTH_CREDENTIALS, -338)
416
417// An HTTP Authentication scheme was tried which is not supported on this
418// machine.
419NET_ERROR(UNSUPPORTED_AUTH_SCHEME, -339)
420
421// Detecting the encoding of the response failed.
422NET_ERROR(ENCODING_DETECTION_FAILED, -340)
423
424// (GSSAPI) No Kerberos credentials were available during HTTP Authentication.
425NET_ERROR(MISSING_AUTH_CREDENTIALS, -341)
426
427// An unexpected, but documented, SSPI or GSSAPI status code was returned.
428NET_ERROR(UNEXPECTED_SECURITY_LIBRARY_STATUS, -342)
429
430// The environment was not set up correctly for authentication (for
431// example, no KDC could be found or the principal is unknown.
432NET_ERROR(MISCONFIGURED_AUTH_ENVIRONMENT, -343)
433
434// An undocumented SSPI or GSSAPI status code was returned.
435NET_ERROR(UNDOCUMENTED_SECURITY_LIBRARY_STATUS, -344)
436
437// The HTTP response was too big to drain.
438NET_ERROR(RESPONSE_BODY_TOO_BIG_TO_DRAIN, -345)
439
440// The HTTP response was too big to drain.
441NET_ERROR(RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH, -346)
442
443// SPDY Headers have been received, but not all of them - status or version
444// headers are missing, so we're expecting additional frames to complete them.
445NET_ERROR(INCOMPLETE_SPDY_HEADERS, -347)
446
447// SPDY server didn't respond to the PING message.
448NET_ERROR(SPDY_PING_FAILED, -352)
449
450// The cache does not have the requested entry.
451NET_ERROR(CACHE_MISS, -400)
452
453// Unable to read from the disk cache.
454NET_ERROR(CACHE_READ_FAILURE, -401)
455
456// Unable to write to the disk cache.
457NET_ERROR(CACHE_WRITE_FAILURE, -402)
458
459// The operation is not supported for this entry.
460NET_ERROR(CACHE_OPERATION_NOT_SUPPORTED, -403)
461
462// The disk cache is unable to open this entry.
463NET_ERROR(CACHE_OPEN_FAILURE, -404)
464
465// The disk cache is unable to create this entry.
466NET_ERROR(CACHE_CREATE_FAILURE, -405)
467
468// Multiple transactions are racing to create disk cache entries. This is an
469// internal error returned from the HttpCache to the HttpCacheTransaction that
470// tells the transaction to restart the entry-creation logic because the state
471// of the cache has changed.
472NET_ERROR(CACHE_RACE, -406)
473
474// The server's response was insecure (e.g. there was a cert error).
475NET_ERROR(INSECURE_RESPONSE, -501)
476
477// The server responded to a <keygen> with a generated client cert that we
478// don't have the matching private key for.
479NET_ERROR(NO_PRIVATE_KEY_FOR_CERT, -502)
480
481// An error adding to the OS certificate database (e.g. OS X Keychain).
482NET_ERROR(ADD_USER_CERT_FAILED, -503)
483
484// *** Code -600 is reserved (was FTP_PASV_COMMAND_FAILED). ***
485
486// A generic error for failed FTP control connection command.
487// If possible, please use or add a more specific error code.
488NET_ERROR(FTP_FAILED, -601)
489
490// The server cannot fulfill the request at this point. This is a temporary
491// error.
492// FTP response code 421.
493NET_ERROR(FTP_SERVICE_UNAVAILABLE, -602)
494
495// The server has aborted the transfer.
496// FTP response code 426.
497NET_ERROR(FTP_TRANSFER_ABORTED, -603)
498
499// The file is busy, or some other temporary error condition on opening
500// the file.
501// FTP response code 450.
502NET_ERROR(FTP_FILE_BUSY, -604)
503
504// Server rejected our command because of syntax errors.
505// FTP response codes 500, 501.
506NET_ERROR(FTP_SYNTAX_ERROR, -605)
507
508// Server does not support the command we issued.
509// FTP response codes 502, 504.
510NET_ERROR(FTP_COMMAND_NOT_SUPPORTED, -606)
511
512// Server rejected our command because we didn't issue the commands in right
513// order.
514// FTP response code 503.
515NET_ERROR(FTP_BAD_COMMAND_SEQUENCE, -607)
516
517// PKCS #12 import failed due to incorrect password.
518NET_ERROR(PKCS12_IMPORT_BAD_PASSWORD, -701)
519
520// PKCS #12 import failed due to other error.
521NET_ERROR(PKCS12_IMPORT_FAILED, -702)
522
523// CA import failed - not a CA cert.
524NET_ERROR(IMPORT_CA_CERT_NOT_CA, -703)
525
526// Import failed - certificate already exists in database.
527// Note it's a little weird this is an error but reimporting a PKCS12 is ok
528// (no-op).  That's how Mozilla does it, though.
529NET_ERROR(IMPORT_CERT_ALREADY_EXISTS, -704)
530
531// CA import failed due to some other error.
532NET_ERROR(IMPORT_CA_CERT_FAILED, -705)
533
534// Server certificate import failed due to some internal error.
535NET_ERROR(IMPORT_SERVER_CERT_FAILED, -706)
536