Summary

Add conversion between OpenSSL verification codes and our failure codes.

Review Request #14942 — Created March 18, 2026 and submitted April 8, 2026, 1:33 a.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-7.1.x

Bugs

Depends On

Blocks

14943

Reviewers

Groups

reviewboard

People

Description

This introduces a table mapping OpenSSL's numeric verification codes to
our CertificateVerificationFailureCode enum. This helps to create the
right exceptions for an SSLError.

Python doesn't expose constants for any of these codes, so the numeric
values are used along with comments listing the OpenSSL error code's
typical constant.

CertificateVerificationFailureCode.for_ssl_verify_code() is used to
produce the right code based on the mapping. This will be used in
upcoming handling of SSLErrors.

Testing Done

Unit tests pass.

Commits

Summary	ID
Add conversion between OpenSSL verification codes and our failure codes. This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.	faed8d462dccdeb61f49616db8b6b6244a6a9173

Summary

Add conversion between OpenSSL verification codes and our failure codes.

This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.

faed8d462dccdeb61f49616db8b6b6244a6a9173

Issues

Description	From	Last Updated
This should be CertificateVerificationFailureCode.for_ssl_verify_code (Error -> FailureCode)	david	April 2, 2026, 2:37 p.m.
Shouldn't this be HOSTNAME_MISMATCH?	david	April 2, 2026, 2:39 p.m.

flake8 passed.

JSHint passed.

reviewboard/certs/tests/test_certificate_verification_error.py (Diff revision 1)
The issue has been resolved. Show all issues
```
This should be CertificateVerificationFailureCode.for_ssl_verify_code (Error -> FailureCode)
```
reviewboard/certs/tests/test_certificate_verification_error.py (Diff revision 1)
The issue has been resolved. Show all issues
```
Shouldn't this be HOSTNAME_MISMATCH?
```

Change Summary:


Split the CertificateVerificationFailureCode tests into a new file.
Fixed a leftover bad mismatch in those tests from my testing.
Bumped version to RB8.

Commits:

	Summary	ID
	Add conversion between OpenSSL verification codes and our failure codes. This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.	900d978ec35a8398c2a11d58f94e923b6606e5ee
	Add conversion between OpenSSL verification codes and our failure codes. This introduces a table mapping OpenSSL's numeric verification codes to our `CertificateVerificationFailureCode` enum. This helps to create the right exceptions for an `SSLError`. Python doesn't expose constants for any of these codes, so the numeric values are used along with comments listing the OpenSSL error code's typical constant. `CertificateVerificationFailureCode.for_ssl_verify_code()` is used to produce the right code based on the mapping. This will be used in upcoming handling of `SSLError`s.	faed8d462dccdeb61f49616db8b6b6244a6a9173

Diff:

Revision 2 (+190)

Show changes

	reviewboard/certs/errors.py
	reviewboard/certs/tests/test_certificate_verification_error.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-7.1.x (2f5f7db)