Summary

Add conversion between OpenSSL verification codes and our failure codes.

Review Request #14942 — Created March 18, 2026 and updated March 19, 2026, 9:32 a.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-7.1.x

Bugs

Depends On

Blocks

14943

Reviewers

Groups

reviewboard

People

Description

This introduces a table mapping OpenSSL's numeric verification codes to
our CertificateVerificationFailureCode enum. This helps to create the
right exceptions for an SSLError.

Python doesn't expose constants for any of these codes, so the numeric
values are used along with comments listing the OpenSSL error code's
typical constant.

CertificateVerificationFailureCode.for_ssl_verify_code() is used to
produce the right code based on the mapping. This will be used in
upcoming handling of SSLErrors.

Testing Done

Unit tests pass.

Commits

Summary	ID
Add conversion between OpenSSL verification codes and our failure codes. This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.	900d978ec35a8398c2a11d58f94e923b6606e5ee

Summary

Add conversion between OpenSSL verification codes and our failure codes.

This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.

900d978ec35a8398c2a11d58f94e923b6606e5ee

Issues

Description	From	Last Updated
This should be CertificateVerificationFailureCode.for_ssl_verify_code (Error -> FailureCode)	david	March 19, 2026, 9:32 a.m.
Shouldn't this be HOSTNAME_MISMATCH?	david	March 19, 2026, 9:32 a.m.

flake8 passed.

JSHint passed.

Fix it!

reviewboard/certs/tests/test_certificate_verification_error.py (Diff revision 1)
An issue was opened. Show all issues
```
This should be CertificateVerificationFailureCode.for_ssl_verify_code (Error -> FailureCode)
```
reviewboard/certs/tests/test_certificate_verification_error.py (Diff revision 1)
An issue was opened. Show all issues
```
Shouldn't this be HOSTNAME_MISMATCH?
```