Bug 1561443 - Move _getErrorMessageFromCode from NetErrorChild.jsm to aboutNetError.js. r=fluent-reviewers,flod,johannh

Differential Revision: https://phabricator.services.mozilla.com/D36542

--HG--
extra : moz-landing-system : lando

browser/actors/NetErrorChild.jsm

@@ -5,34 +5,10 @@
 
 var EXPORTED_SYMBOLS = ["NetErrorChild"];
 
-const { XPCOMUtils } = ChromeUtils.import(
-  "resource://gre/modules/XPCOMUtils.jsm"
-);
-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
 const { ActorChild } = ChromeUtils.import(
   "resource://gre/modules/ActorChild.jsm"
 );
 
-XPCOMUtils.defineLazyGetter(this, "gPipNSSBundle", function() {
-  return Services.strings.createBundle(
-    "chrome://pipnss/locale/pipnss.properties"
-  );
-});
-XPCOMUtils.defineLazyGetter(this, "gNSSErrorsBundle", function() {
-  return Services.strings.createBundle(
-    "chrome://pipnss/locale/nsserrors.properties"
-  );
-});
-
-const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
-const SEC_ERROR_REUSED_ISSUER_AND_SERIAL = SEC_ERROR_BASE + 138;
-
-const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
-const SSL_ERROR_SSL_DISABLED = SSL_ERROR_BASE + 20;
-const SSL_ERROR_SSL2_DISABLED = SSL_ERROR_BASE + 14;
-
-const PREF_SSL_IMPACT_ROOTS = ["security.tls.version.", "security.ssl3."];
-
 function getSerializedSecurityInfo(docShell) {
   let serhelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
     Ci.nsISerializationHelper
@@ -60,9 +36,6 @@ class NetErrorChild extends ActorChild {
     let doc = aEvent.originalTarget.ownerDocument || aEvent.originalTarget;
 
     switch (aEvent.type) {
-      case "AboutNetErrorLoad":
-        this.onPageLoad(doc.defaultView);
-        break;
       case "AboutNetErrorSetAutomatic":
         this.onSetAutomatic(aEvent);
         break;
@@ -87,111 +60,6 @@ class NetErrorChild extends ActorChild {
     }
   }
 
-  changedCertPrefs() {
-    let prefSSLImpact = PREF_SSL_IMPACT_ROOTS.reduce((prefs, root) => {
-      return prefs.concat(Services.prefs.getChildList(root));
-    }, []);
-    for (let prefName of prefSSLImpact) {
-      if (Services.prefs.prefHasUserValue(prefName)) {
-        return true;
-      }
-    }
-
-    return false;
-  }
-
-  _getErrorMessageFromCode(securityInfo, doc) {
-    let uri = Services.io.newURI(doc.location);
-    let hostString = uri.host;
-    if (uri.port != 443 && uri.port != -1) {
-      hostString = uri.hostPort;
-    }
-
-    let id_str = "";
-    switch (securityInfo.errorCode) {
-      case SSL_ERROR_SSL_DISABLED:
-        id_str = "PSMERR_SSL_Disabled";
-        break;
-      case SSL_ERROR_SSL2_DISABLED:
-        id_str = "PSMERR_SSL2_Disabled";
-        break;
-      case SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
-        id_str = "PSMERR_HostReusedIssuerSerial";
-        break;
-    }
-    let nss_error_id_str = securityInfo.errorCodeString;
-    let msg2 = "";
-    try {
-      if (id_str) {
-        msg2 = gPipNSSBundle.GetStringFromName(id_str) + "\n";
-      } else if (nss_error_id_str) {
-        msg2 = gNSSErrorsBundle.GetStringFromName(nss_error_id_str) + "\n";
-      }
-    } catch (e) {
-      msg2 = "";
-    }
-
-    if (!msg2) {
-      // We couldn't get an error message. Use the error string.
-      // Note that this is different from before where we used PR_ErrorToString.
-      msg2 = nss_error_id_str;
-    }
-    let msg = gPipNSSBundle.formatStringFromName("SSLConnectionErrorPrefix2", [
-      hostString,
-      msg2,
-    ]);
-
-    if (nss_error_id_str && msg2 != nss_error_id_str) {
-      msg +=
-        gPipNSSBundle.formatStringFromName("certErrorCodePrefix3", [
-          nss_error_id_str,
-        ]) + "\n";
-    }
-    return msg;
-  }
-
-  onPageLoad(win) {
-    // Values for telemtery bins: see TLS_ERROR_REPORT_UI in Histograms.json
-    const TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN = 0;
-
-    if (this.isAboutNetError(win.document)) {
-      let docShell = win.docShell;
-      if (docShell) {
-        let { securityInfo } = docShell.failedChannel;
-        // We don't have a securityInfo when this is for example a DNS error.
-        if (securityInfo) {
-          securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-          let msg = this._getErrorMessageFromCode(securityInfo, win.document);
-          let id = win.document.getElementById("errorShortDescText");
-          id.textContent = msg;
-        }
-      }
-
-      let learnMoreLink = win.document.getElementById("learnMoreLink");
-      let baseURL = Services.urlFormatter.formatURLPref("app.support.baseURL");
-      learnMoreLink.setAttribute("href", baseURL + "connection-not-secure");
-
-      let automatic = Services.prefs.getBoolPref(
-        "security.ssl.errorReporting.automatic"
-      );
-      win.dispatchEvent(
-        new win.CustomEvent("AboutNetErrorOptions", {
-          detail: JSON.stringify({
-            enabled: Services.prefs.getBoolPref(
-              "security.ssl.errorReporting.enabled"
-            ),
-            changedCertPrefs: this.changedCertPrefs(),
-            automatic,
-          }),
-        })
-      );
-
-      this.mm.sendAsyncMessage("Browser:SSLErrorReportTelemetry", {
-        reportStatus: TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN,
-      });
-    }
-  }
-
   onResetPreferences(evt) {
     this.mm.sendAsyncMessage("Browser:ResetSSLPreferences");
   }

browser/base/content/aboutNetError.js

@@ -251,59 +251,45 @@ function initPage() {
     document.getElementById("netErrorButtonContainer").style.display = "none";
   }
 
-  window.addEventListener(
+  // Dispatch this event only for tests.
-    "AboutNetErrorOptions",
+  let event = new CustomEvent("AboutNetErrorLoad", { bubbles: true });
-    function(evt) {
-      // Pinning errors are of type nssFailure2
-      if (getErrorCode() == "nssFailure2") {
-        let shortDesc = document.getElementById("errorShortDescText")
-          .textContent;
-        document.getElementById("learnMoreContainer").style.display = "block";
-        var options = JSON.parse(evt.detail);
-        if (options && options.enabled) {
-          var checkbox = document.getElementById("automaticallyReportInFuture");
-          showCertificateErrorReporting();
-          if (options.automatic) {
-            // set the checkbox
-            checkbox.checked = true;
-          }
-
-          checkbox.addEventListener("change", function(changeEvt) {
-            var event = new CustomEvent("AboutNetErrorSetAutomatic", {
-              bubbles: true,
-              detail: changeEvt.target.checked,
-            });
-            document.dispatchEvent(event);
-          });
-        }
-        const hasPrefStyleError = [
-          "interrupted", // This happens with subresources that are above the max tls
-          "SSL_ERROR_PROTOCOL_VERSION_ALERT",
-          "SSL_ERROR_UNSUPPORTED_VERSION",
-          "SSL_ERROR_NO_CYPHER_OVERLAP",
-          "SSL_ERROR_NO_CIPHERS_SUPPORTED",
-        ].some(substring => shortDesc.includes(substring));
-        // If it looks like an error that is user config based
-        if (
-          getErrorCode() == "nssFailure2" &&
-          hasPrefStyleError &&
-          options &&
-          options.changedCertPrefs
-        ) {
-          showPrefChangeContainer();
-        }
-      }
-      if (getErrorCode() == "sslv3Used") {
-        document.getElementById("advancedButton").style.display = "none";
-      }
-    },
-    true,
-    true
-  );
-
-  var event = new CustomEvent("AboutNetErrorLoad", { bubbles: true });
   document.dispatchEvent(event);
 
+  setNetErrorMessageFromCode();
+  let learnMoreLink = document.getElementById("learnMoreLink");
+  let baseURL = RPMGetFormatURLPref("app.support.baseURL");
+  learnMoreLink.setAttribute("href", baseURL + "connection-not-secure");
+
+  // Pinning errors are of type nssFailure2
+  if (err == "nssFailure2") {
+    setupErrorUI();
+
+    RPMAddMessageListener("HasChangedCertPrefs", msg => {
+      let hasChangedCertPrefs = msg.data.hasChangedCertPrefs;
+
+      let errorCode = document.getNetErrorInfo().errorCodeString;
+      let hasPrefStyleError = [
+        "interrupted", // This happens with subresources that are above the max tls
+        "SSL_ERROR_PROTOCOL_VERSION_ALERT",
+        "SSL_ERROR_UNSUPPORTED_VERSION",
+        "SSL_ERROR_NO_CYPHER_OVERLAP",
+        "SSL_ERROR_NO_CIPHERS_SUPPORTED",
+      ].some(substring => {
+        return substring == errorCode;
+      });
+
+      // If it looks like an error that is user config based
+      if (hasPrefStyleError && hasChangedCertPrefs) {
+        showPrefChangeContainer();
+      }
+    });
+    RPMSendAsyncMessage("GetChangedCertPrefs");
+  }
+
+  if (err == "sslv3Used") {
+    document.getElementById("advancedButton").style.display = "none";
+  }
+
   if (err == "inadequateSecurityError" || err == "blockedByPolicy") {
     // Remove the "Try again" button from pages that don't need it.
     // For HTTP/2 inadequate security or pages blocked by policy, trying
@@ -317,6 +303,80 @@ function initPage() {
   }
 }
 
+function setupErrorUI() {
+  document.getElementById("learnMoreContainer").style.display = "block";
+
+  let checkbox = document.getElementById("automaticallyReportInFuture");
+  checkbox.addEventListener("change", function({ target: { checked } }) {
+    document.dispatchEvent(
+      new CustomEvent("AboutNetErrorSetAutomatic", {
+        detail: checked,
+        bubbles: true,
+      })
+    );
+  });
+
+  let errorReportingEnabled = RPMGetBoolPref(
+    "security.ssl.errorReporting.enabled"
+  );
+  if (errorReportingEnabled) {
+    showCertificateErrorReporting();
+    let errorReportingAutomatic = RPMGetBoolPref(
+      "security.ssl.errorReporting.automatic"
+    );
+    checkbox.checked = !!errorReportingAutomatic;
+  }
+
+  // Values for telemtery bins: see TLS_ERROR_REPORT_UI in Histograms.json
+  const TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN = 0;
+  RPMSendAsyncMessage("Browser:SSLErrorReportTelemetry", {
+    reportStatus: TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN,
+  });
+}
+
+async function setNetErrorMessageFromCode() {
+  let hostString = document.location.hostname;
+  let port = document.location.port;
+  if (port && port != 443) {
+    hostString += ":" + port;
+  }
+
+  let securityInfo;
+  try {
+    securityInfo = document.getNetErrorInfo();
+  } catch (ex) {
+    // We don't have a securityInfo when this is for example a DNS error.
+    return;
+  }
+
+  let desc = document.getElementById("errorShortDescText");
+  let errorCodeStr = securityInfo.errorCodeString;
+  try {
+    let [errorCodeMsg] = await document.l10n.formatValues([
+      {
+        id: errorCodeStr
+          .split("_")
+          .join("-")
+          .toLowerCase(),
+      },
+    ]);
+    document.l10n.setAttributes(desc, "ssl-connection-error", {
+      errorMessage: errorCodeMsg,
+      hostname: hostString,
+    });
+    let desc2 = document.getElementById("errorShortDescText2");
+    document.l10n.setAttributes(desc2, "cert-error-code-prefix", {
+      error: errorCodeStr,
+    });
+  } catch (e) {
+    console.error("No strings exist for this error type");
+    document.l10n.setAttributes(desc, "ssl-connection-error", {
+      errorMsg: errorCodeStr,
+      hostname: hostString,
+    });
+  }
+}
+
 // This function centers the error container after its content updates.
 // It is currently duplicated in NetErrorChild.jsm to avoid having to do
 // async communication to the page that would result in flicker.
@@ -365,30 +425,8 @@ function initPageCertError() {
 
   addAutofocus("#returnButton");
   setupAdvancedButton();
+  setupErrorUI();
 
-  document.getElementById("learnMoreContainer").style.display = "block";
-
-  let checkbox = document.getElementById("automaticallyReportInFuture");
-  checkbox.addEventListener("change", function({ target: { checked } }) {
-    document.dispatchEvent(
-      new CustomEvent("AboutNetErrorSetAutomatic", {
-        detail: checked,
-        bubbles: true,
-      })
-    );
-  });
-
-  let errorReportingEnabled = RPMGetBoolPref(
-    "security.ssl.errorReporting.enabled"
-  );
-  if (errorReportingEnabled) {
-    document.getElementById("certificateErrorReporting").style.display =
-      "block";
-    let errorReportingAutomatic = RPMGetBoolPref(
-      "security.ssl.errorReporting.automatic"
-    );
-    checkbox.checked = !!errorReportingAutomatic;
-  }
   let hideAddExceptionButton = RPMGetBoolPref(
     "security.certerror.hideAddException",
     false

browser/base/content/aboutNetError.xhtml

@@ -26,6 +26,7 @@
          toolkit/components/places/src/nsFaviconService.h should be updated. -->
     <link rel="icon" id="favicon" href="chrome://global/skin/icons/warning.svg"/>
     <link rel="localization" href="browser/aboutCertError.ftl" />
+    <link rel="localization" href="browser/nsserrors.ftl" />
     <link rel="localization" href="branding/brand.ftl"/>
   </head>
 

browser/base/content/browser.js

@@ -3559,7 +3559,6 @@ var BrowserOnClick = {
     mm.addMessageListener("Browser:SiteBlockedError", this);
     mm.addMessageListener("Browser:SetSSLErrorReportAuto", this);
     mm.addMessageListener("Browser:ResetSSLPreferences", this);
-    mm.addMessageListener("Browser:SSLErrorReportTelemetry", this);
   },
 
   uninit() {
@@ -3568,7 +3567,6 @@ var BrowserOnClick = {
     mm.removeMessageListener("Browser:SiteBlockedError", this);
     mm.removeMessageListener("Browser:SetSSLErrorReportAuto", this);
     mm.removeMessageListener("Browser:ResetSSLPreferences", this);
-    mm.removeMessageListener("Browser:SSLErrorReportTelemetry", this);
   },
 
   receiveMessage(msg) {
@@ -3610,12 +3608,6 @@ var BrowserOnClick = {
         }
         Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI").add(bin);
         break;
-      case "Browser:SSLErrorReportTelemetry":
-        let reportStatus = msg.data.reportStatus;
-        Services.telemetry
-          .getHistogramById("TLS_ERROR_REPORT_UI")
-          .add(reportStatus);
-        break;
     }
   },
 

browser/base/content/test/general/browser_blockHPKP.js

@@ -79,7 +79,7 @@ var successfulPinningPageListener = {
 // to load the pinning domain again, this time removing the pinning information
 function errorPageLoaded() {
   ContentTask.spawn(gBrowser.selectedBrowser, null, async function() {
-    let textElement = content.document.getElementById("errorShortDescText");
+    let textElement = content.document.getElementById("errorShortDescText2");
     let text = textElement.innerHTML;
     ok(
       text.indexOf("MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE") > 0,

browser/components/BrowserGlue.jsm

@@ -260,7 +260,6 @@ let LEGACY_ACTORS = {
     child: {
       module: "resource:///actors/NetErrorChild.jsm",
       events: {
-        AboutNetErrorLoad: { wantUntrusted: true },
         AboutNetErrorSetAutomatic: { wantUntrusted: true },
         AboutNetErrorResetPreferences: { wantUntrusted: true },
         click: {},

browser/components/about/AboutNetErrorHandler.jsm

@@ -6,6 +6,7 @@
 
 var EXPORTED_SYMBOLS = ["AboutNetErrorHandler"];
 
+const PREF_SSL_IMPACT_ROOTS = ["security.tls.version.", "security.ssl3."];
 const { RemotePages } = ChromeUtils.import(
   "resource://gre/modules/remotepagemanager/RemotePageManagerParent.jsm"
 );
@@ -31,6 +32,7 @@ var AboutNetErrorHandler = {
     "Browser:PrimeMitm",
     "Browser:ResetEnterpriseRootsPref",
     "Browser:SSLErrorGoBack",
+    "GetChangedCertPrefs",
   ],
 
   init() {
@@ -90,9 +92,34 @@ var AboutNetErrorHandler = {
       case "Browser:SSLErrorGoBack":
         this.goBackFromErrorPage(msg.target.browser.ownerGlobal);
         break;
+      case "Browser:SSLErrorReportTelemetry":
+        let reportStatus = msg.data.reportStatus;
+        Services.telemetry
+          .getHistogramById("TLS_ERROR_REPORT_UI")
+          .add(reportStatus);
+        break;
+      case "GetChangedCertPrefs":
+        let hasChangedCertPrefs = this.hasChangedCertPrefs();
+        this.pageListener.sendAsyncMessage("HasChangedCertPrefs", {
+          hasChangedCertPrefs,
+        });
+        break;
     }
   },
 
+  hasChangedCertPrefs() {
+    let prefSSLImpact = PREF_SSL_IMPACT_ROOTS.reduce((prefs, root) => {
+      return prefs.concat(Services.prefs.getChildList(root));
+    }, []);
+    for (let prefName of prefSSLImpact) {
+      if (Services.prefs.prefHasUserValue(prefName)) {
+        return true;
+      }
+    }
+
+    return false;
+  },
+
   /**
    * Re-direct the browser to the previous page or a known-safe page if no
    * previous page is found in history.  This function is used when the user

browser/locales/en-US/browser/nsserrors.ftl

@@ -0,0 +1,350 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Variables:
+# $hostname (String) - Hostname of the website with SSL error.
+# $errorMessage (String) - Error message corresponding to the type of error we are experiencing.
+ssl-connection-error =
+    An error occurred during a connection to { $hostname }. { $errorMessage }
+
+# Variables:
+# $error (string) - NSS error code string that specifies type of cert error. e.g. unknown issuer, invalid cert, etc.
+cert-error-code-prefix = Error code: { $error }
+
+psmerr-ssl-disabled = Can’t connect securely because the SSL protocol has been disabled.
+psmerr-ssl2-disabled = Can’t connect securely because the site uses an older, insecure version of the SSL protocol.
+
+# This is a multi-line message.
+psmerr-hostreusedissuerandserial =
+    You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:
+
+    Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.
+
+ssl-error-export-only-server = Unable to communicate securely. Peer does not support high-grade encryption.
+ssl-error-us-only-server = Unable to communicate securely. Peer requires high-grade encryption which is not supported.
+ssl-error-no-cypher-overlap = Cannot communicate securely with peer: no common encryption algorithm(s).
+ssl-error-no-certificate = Unable to find the certificate or key necessary for authentication.
+ssl-error-bad-certificate = Unable to communicate securely with peer: peers’s certificate was rejected.
+ssl-error-bad-client = The server has encountered bad data from the client.
+ssl-error-bad-server = The client has encountered bad data from the server.
+ssl-error-unsupported-certificate-type = Unsupported certificate type.
+ssl-error-unsupported-version = Peer using unsupported version of security protocol.
+ssl-error-wrong-certificate = Client authentication failed: private key in key database does not match public key in certificate database.
+ssl-error-bad-cert-domain = Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
+ssl-error-post-warning = Unrecognized SSL error code.
+ssl-error-ssl2-disabled = Peer only supports SSL version 2, which is locally disabled.
+ssl-error-bad-mac-read = SSL received a record with an incorrect Message Authentication Code.
+ssl-error-bad-mac-alert = SSL peer reports incorrect Message Authentication Code.
+ssl-error-bad-cert-alert = SSL peer cannot verify your certificate.
+ssl-error-revoked-cert-alert = SSL peer rejected your certificate as revoked.
+ssl-error-expired-cert-alert = SSL peer rejected your certificate as expired.
+ssl-error-ssl-disabled = Cannot connect: SSL is disabled.
+ssl-error-fortezza-pqg = Cannot connect: SSL peer is in another FORTEZZA domain.
+ssl-error-unknown-cipher-suite = An unknown SSL cipher suite has been requested.
+ssl-error-no-ciphers-supported = No cipher suites are present and enabled in this program.
+ssl-error-bad-block-padding = SSL received a record with bad block padding.
+ssl-error-rx-record-too-long = SSL received a record that exceeded the maximum permissible length.
+ssl-error-tx-record-too-long = SSL attempted to send a record that exceeded the maximum permissible length.
+ssl-error-rx-malformed-hello-request = SSL received a malformed Hello Request handshake message.
+ssl-error-rx-malformed-client-hello = SSL received a malformed Client Hello handshake message.
+ssl-error-rx-malformed-server-hello = SSL received a malformed Server Hello handshake message.
+ssl-error-rx-malformed-certificate = SSL received a malformed Certificate handshake message.
+ssl-error-rx-malformed-server-key-exch = SSL received a malformed Server Key Exchange handshake message.
+ssl-error-rx-malformed-cert-request = SSL received a malformed Certificate Request handshake message.
+ssl-error-rx-malformed-hello-done = SSL received a malformed Server Hello Done handshake message.
+ssl-error-rx-malformed-cert-verify = SSL received a malformed Certificate Verify handshake message.
+ssl-error-rx-malformed-client-key-exch = SSL received a malformed Client Key Exchange handshake message.
+ssl-error-rx-malformed-finished = SSL received a malformed Finished handshake message.
+ssl-error-rx-malformed-change-cipher = SSL received a malformed Change Cipher Spec record.
+ssl-error-rx-malformed-alert = SSL received a malformed Alert record.
+ssl-error-rx-malformed-handshake = SSL received a malformed Handshake record.
+ssl-error-rx-malformed-application-data = SSL received a malformed Application Data record.
+ssl-error-rx-unexpected-hello-request = SSL received an unexpected Hello Request handshake message.
+ssl-error-rx-unexpected-client-hello = SSL received an unexpected Client Hello handshake message.
+ssl-error-rx-unexpected-server-hello = SSL received an unexpected Server Hello handshake message.
+ssl-error-rx-unexpected-certificate = SSL received an unexpected Certificate handshake message.
+ssl-error-rx-unexpected-server-key-exch = SSL received an unexpected Server Key Exchange handshake message.
+ssl-error-rx-unexpected-cert-request = SSL received an unexpected Certificate Request handshake message.
+ssl-error-rx-unexpected-hello-done = SSL received an unexpected Server Hello Done handshake message.
+ssl-error-rx-unexpected-cert-verify = SSL received an unexpected Certificate Verify handshake message.
+ssl-error-rx-unexpected-client-key-exch = SSL received an unexpected Client Key Exchange handshake message.
+ssl-error-rx-unexpected-finished = SSL received an unexpected Finished handshake message.
+ssl-error-rx-unexpected-change-cipher = SSL received an unexpected Change Cipher Spec record.
+ssl-error-rx-unexpected-alert = SSL received an unexpected Alert record.
+ssl-error-rx-unexpected-handshake = SSL received an unexpected Handshake record.
+ssl-error-rx-unexpected-application-data = SSL received an unexpected Application Data record.
+ssl-error-rx-unknown-record-type = SSL received a record with an unknown content type.
+ssl-error-rx-unknown-handshake = SSL received a handshake message with an unknown message type.
+ssl-error-rx-unknown-alert = SSL received an alert record with an unknown alert description.
+ssl-error-close-notify-alert = SSL peer has closed this connection.
+ssl-error-handshake-unexpected-alert = SSL peer was not expecting a handshake message it received.
+ssl-error-decompression-failure-alert = SSL peer was unable to successfully decompress an SSL record it received.
+ssl-error-handshake-failure-alert = SSL peer was unable to negotiate an acceptable set of security parameters.
+ssl-error-illegal-parameter-alert = SSL peer rejected a handshake message for unacceptable content.
+ssl-error-unsupported-cert-alert = SSL peer does not support certificates of the type it received.
+ssl-error-certificate-unknown-alert = SSL peer had some unspecified issue with the certificate it received.
+ssl-error-generate-random-failure = SSL experienced a failure of its random number generator.
+ssl-error-sign-hashes-failure = Unable to digitally sign data required to verify your certificate.
+ssl-error-extract-public-key-failure = SSL was unable to extract the public key from the peer’s certificate.
+ssl-error-server-key-exchange-failure = Unspecified failure while processing SSL Server Key Exchange handshake.
+ssl-error-client-key-exchange-failure = Unspecified failure while processing SSL Client Key Exchange handshake.
+ssl-error-encryption-failure = Bulk data encryption algorithm failed in selected cipher suite.
+ssl-error-decryption-failure = Bulk data decryption algorithm failed in selected cipher suite.
+ssl-error-socket-write-failure = Attempt to write encrypted data to underlying socket failed.
+ssl-error-md5-digest-failure = MD5 digest function failed.
+ssl-error-sha-digest-failure = SHA-1 digest function failed.
+ssl-error-mac-computation-failure = MAC computation failed.
+ssl-error-sym-key-context-failure = Failure to create Symmetric Key context.
+ssl-error-sym-key-unwrap-failure = Failure to unwrap the Symmetric key in Client Key Exchange message.
+ssl-error-pub-key-size-limit-exceeded = SSL Server attempted to use domestic-grade public key with export cipher suite.
+ssl-error-iv-param-failure = PKCS11 code failed to translate an IV into a param.
+ssl-error-init-cipher-suite-failure = Failed to initialize the selected cipher suite.
+ssl-error-session-key-gen-failure = Client failed to generate session keys for SSL session.
+ssl-error-no-server-key-for-alg = Server has no key for the attempted key exchange algorithm.
+ssl-error-token-insertion-removal = PKCS#11 token was inserted or removed while operation was in progress.
+ssl-error-token-slot-not-found = No PKCS#11 token could be found to do a required operation.
+ssl-error-no-compression-overlap = Cannot communicate securely with peer: no common compression algorithm(s).
+ssl-error-handshake-not-completed = Cannot initiate another SSL handshake until current handshake is complete.
+ssl-error-bad-handshake-hash-value = Received incorrect handshakes hash values from peer.
+ssl-error-cert-kea-mismatch = The certificate provided cannot be used with the selected key exchange algorithm.
+ssl-error-no-trusted-ssl-client-ca = No certificate authority is trusted for SSL client authentication.
+ssl-error-session-not-found = Client’s SSL session ID not found in server’s session cache.
+ssl-error-decryption-failed-alert = Peer was unable to decrypt an SSL record it received.
+ssl-error-record-overflow-alert = Peer received an SSL record that was longer than is permitted.
+ssl-error-unknown-ca-alert = Peer does not recognize and trust the CA that issued your certificate.
+ssl-error-access-denied-alert = Peer received a valid certificate, but access was denied.
+ssl-error-decode-error-alert = Peer could not decode an SSL handshake message.
+ssl-error-decrypt-error-alert = Peer reports failure of signature verification or key exchange.
+ssl-error-export-restriction-alert = Peer reports negotiation not in compliance with export regulations.
+ssl-error-protocol-version-alert = Peer reports incompatible or unsupported protocol version.
+ssl-error-insufficient-security-alert = Server requires ciphers more secure than those supported by client.
+ssl-error-internal-error-alert = Peer reports it experienced an internal error.
+ssl-error-user-canceled-alert = Peer user canceled handshake.
+ssl-error-no-renegotiation-alert = Peer does not permit renegotiation of SSL security parameters.
+ssl-error-server-cache-not-configured = SSL server cache not configured and not disabled for this socket.
+ssl-error-unsupported-extension-alert = SSL peer does not support requested TLS hello extension.
+ssl-error-certificate-unobtainable-alert = SSL peer could not obtain your certificate from the supplied URL.
+ssl-error-unrecognized-name-alert = SSL peer has no certificate for the requested DNS name.
+ssl-error-bad-cert-status-response-alert = SSL peer was unable to get an OCSP response for its certificate.
+ssl-error-bad-cert-hash-value-alert = SSL peer reported bad certificate hash value.
+ssl-error-rx-unexpected-new-session-ticket = SSL received an unexpected New Session Ticket handshake message.
+ssl-error-rx-malformed-new-session-ticket = SSL received a malformed New Session Ticket handshake message.
+ssl-error-decompression-failure = SSL received a compressed record that could not be decompressed.
+ssl-error-renegotiation-not-allowed = Renegotiation is not allowed on this SSL socket.
+ssl-error-unsafe-negotiation = Peer attempted old style (potentially vulnerable) handshake.
+ssl-error-rx-unexpected-uncompressed-record = SSL received an unexpected uncompressed record.
+ssl-error-weak-server-ephemeral-dh-key = SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
+ssl-error-next-protocol-data-invalid = SSL received invalid NPN extension data.
+ssl-error-feature-not-supported-for-ssl2 = SSL feature not supported for SSL 2.0 connections.
+ssl-error-feature-not-supported-for-servers = SSL feature not supported for servers.
+ssl-error-feature-not-supported-for-clients = SSL feature not supported for clients.
+ssl-error-invalid-version-range = SSL version range is not valid.
+ssl-error-cipher-disallowed-for-version = SSL peer selected a cipher suite disallowed for the selected protocol version.
+ssl-error-rx-malformed-hello-verify-request = SSL received a malformed Hello Verify Request handshake message.
+ssl-error-rx-unexpected-hello-verify-request = SSL received an unexpected Hello Verify Request handshake message.
+ssl-error-feature-not-supported-for-version = SSL feature not supported for the protocol version.
+ssl-error-rx-unexpected-cert-status = SSL received an unexpected Certificate Status handshake message.
+ssl-error-unsupported-hash-algorithm = Unsupported hash algorithm used by TLS peer.
+ssl-error-digest-failure = Digest function failed.
+ssl-error-incorrect-signature-algorithm = Incorrect signature algorithm specified in a digitally-signed element.
+ssl-error-next-protocol-no-callback = The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.
+ssl-error-next-protocol-no-protocol = The server supports no protocols that the client advertises in the ALPN extension.
+ssl-error-inappropriate-fallback-alert = The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.
+ssl-error-weak-server-cert-key = The server certificate included a public key that was too weak.
+ssl-error-rx-short-dtls-read = Not enough room in buffer for DTLS record.
+ssl-error-no-supported-signature-algorithm = No supported TLS signature algorithm was configured.
+ssl-error-unsupported-signature-algorithm = The peer used an unsupported combination of signature and hash algorithm.
+ssl-error-missing-extended-master-secret = The peer tried to resume without a correct extended_master_secret extension.
+ssl-error-unexpected-extended-master-secret = The peer tried to resume with an unexpected extended_master_secret extension.
+sec-error-io = An I/O error occurred during security authorization.
+sec-error-library-failure = security library failure.
+sec-error-bad-data = security library: received bad data.
+sec-error-output-len = security library: output length error.
+sec-error-input-len = security library has experienced an input length error.
+sec-error-invalid-args = security library: invalid arguments.
+sec-error-invalid-algorithm = security library: invalid algorithm.
+sec-error-invalid-ava = security library: invalid AVA.
+sec-error-invalid-time = Improperly formatted time string.
+sec-error-bad-der = security library: improperly formatted DER-encoded message.
+sec-error-bad-signature = Peer’s certificate has an invalid signature.
+sec-error-expired-certificate = Peer’s Certificate has expired.
+sec-error-revoked-certificate = Peer’s Certificate has been revoked.
+sec-error-unknown-issuer = Peer’s Certificate issuer is not recognized.
+sec-error-bad-key = Peer’s public key is invalid.
+sec-error-bad-password = The security password entered is incorrect.
+sec-error-retry-password = New password entered incorrectly. Please try again.
+sec-error-no-nodelock = security library: no nodelock.
+sec-error-bad-database = security library: bad database.
+sec-error-no-memory = security library: memory allocation failure.
+sec-error-untrusted-issuer = Peer’s certificate issuer has been marked as not trusted by the user.
+sec-error-untrusted-cert = Peer’s certificate has been marked as not trusted by the user.
+sec-error-duplicate-cert = Certificate already exists in your database.
+sec-error-duplicate-cert-name = Downloaded certificate’s name duplicates one already in your database.
+sec-error-adding-cert = Error adding certificate to database.
+sec-error-filing-key = Error refiling the key for this certificate.
+sec-error-no-key = The private key for this certificate cannot be found in key database
+sec-error-cert-valid = This certificate is valid.
+sec-error-cert-not-valid = This certificate is not valid.
+sec-error-cert-no-response = Cert Library: No Response
+sec-error-expired-issuer-certificate = The certificate issuer’s certificate has expired. Check your system date and time.
+sec-error-crl-expired = The CRL for the certificate’s issuer has expired. Update it or check your system date and time.
+sec-error-crl-bad-signature = The CRL for the certificate’s issuer has an invalid signature.
+sec-error-crl-invalid = New CRL has an invalid format.
+sec-error-extension-value-invalid = Certificate extension value is invalid.
+sec-error-extension-not-found = Certificate extension not found.
+sec-error-ca-cert-invalid = Issuer certificate is invalid.
+sec-error-path-len-constraint-invalid = Certificate path length constraint is invalid.
+sec-error-cert-usages-invalid = Certificate usages field is invalid.
+sec-internal-only = **Internal ONLY module**
+sec-error-invalid-key = The key does not support the requested operation.
+sec-error-unknown-critical-extension = Certificate contains unknown critical extension.
+sec-error-old-crl = New CRL is not later than the current one.
+sec-error-no-email-cert = Not encrypted or signed: you do not yet have an email certificate.
+sec-error-no-recipient-certs-query = Not encrypted: you do not have certificates for each of the recipients.
+sec-error-not-a-recipient = Cannot decrypt: you are not a recipient, or matching certificate and private key not found.
+sec-error-pkcs7-keyalg-mismatch = Cannot decrypt: key encryption algorithm does not match your certificate.
+sec-error-pkcs7-bad-signature = Signature verification failed: no signer found, too many signers found, or improper or corrupted data.
+sec-error-unsupported-keyalg = Unsupported or unknown key algorithm.
+sec-error-decryption-disallowed = Cannot decrypt: encrypted using a disallowed algorithm or key size.
+xp-sec-fortezza-bad-card = Fortezza card has not been properly initialized. Please remove it and return it to your issuer.
+xp-sec-fortezza-no-card = No Fortezza cards Found
+xp-sec-fortezza-none-selected = No Fortezza card selected
+xp-sec-fortezza-more-info = Please select a personality to get more info on
+xp-sec-fortezza-person-not-found = Personality not found
+xp-sec-fortezza-no-more-info = No more information on that Personality
+xp-sec-fortezza-bad-pin = Invalid Pin
+xp-sec-fortezza-person-error = Couldn’t initialize Fortezza personalities.
+sec-error-no-krl = No KRL for this site’s certificate has been found.
+sec-error-krl-expired = The KRL for this site’s certificate has expired.
+sec-error-krl-bad-signature = The KRL for this site’s certificate has an invalid signature.
+sec-error-revoked-key = The key for this site’s certificate has been revoked.
+sec-error-krl-invalid = New KRL has an invalid format.
+sec-error-need-random = security library: need random data.
+sec-error-no-module = security library: no security module can perform the requested operation.
+sec-error-no-token = The security card or token does not exist, needs to be initialized, or has been removed.
+sec-error-read-only = security library: read-only database.
+sec-error-no-slot-selected = No slot or token was selected.
+sec-error-cert-nickname-collision = A certificate with the same nickname already exists.
+sec-error-key-nickname-collision = A key with the same nickname already exists.
+sec-error-safe-not-created = error while creating safe object
+sec-error-baggage-not-created = error while creating baggage object
+xp-java-remove-principal-error = Couldn’t remove the principal
+xp-java-delete-privilege-error = Couldn’t delete the privilege
+xp-java-cert-not-exists-error = This principal doesn’t have a certificate
+sec-error-bad-export-algorithm = Required algorithm is not allowed.
+sec-error-exporting-certificates = Error attempting to export certificates.
+sec-error-importing-certificates = Error attempting to import certificates.
+sec-error-pkcs12-decoding-pfx = Unable to import. Decoding error. File not valid.
+sec-error-pkcs12-invalid-mac = Unable to import. Invalid MAC. Incorrect password or corrupt file.
+sec-error-pkcs12-unsupported-mac-algorithm = Unable to import. MAC algorithm not supported.
+sec-error-pkcs12-unsupported-transport-mode = Unable to import. Only password integrity and privacy modes supported.
+sec-error-pkcs12-corrupt-pfx-structure = Unable to import. File structure is corrupt.
+sec-error-pkcs12-unsupported-pbe-algorithm = Unable to import. Encryption algorithm not supported.
+sec-error-pkcs12-unsupported-version = Unable to import. File version not supported.
+sec-error-pkcs12-privacy-password-incorrect = Unable to import. Incorrect privacy password.
+sec-error-pkcs12-cert-collision = Unable to import. Same nickname already exists in database.
+sec-error-user-cancelled = The user pressed cancel.
+sec-error-pkcs12-duplicate-data = Not imported, already in database.
+sec-error-message-send-aborted = Message not sent.
+sec-error-inadequate-key-usage = Certificate key usage inadequate for attempted operation.
+sec-error-inadequate-cert-type = Certificate type not approved for application.
+sec-error-cert-addr-mismatch = Address in signing certificate does not match address in message headers.
+sec-error-pkcs12-unable-to-import-key = Unable to import. Error attempting to import private key.
+sec-error-pkcs12-importing-cert-chain = Unable to import. Error attempting to import certificate chain.
+sec-error-pkcs12-unable-to-locate-object-by-name = Unable to export. Unable to locate certificate or key by nickname.
+sec-error-pkcs12-unable-to-export-key = Unable to export. Private Key could not be located and exported.
+sec-error-pkcs12-unable-to-write = Unable to export. Unable to write the export file.
+sec-error-pkcs12-unable-to-read = Unable to import. Unable to read the import file.
+sec-error-pkcs12-key-database-not-initialized = Unable to export. Key database corrupt or deleted.
+sec-error-keygen-fail = Unable to generate public/private key pair.
+sec-error-invalid-password = Password entered is invalid. Please pick a different one.
+sec-error-retry-old-password = Old password entered incorrectly. Please try again.
+sec-error-bad-nickname = Certificate nickname already in use.
+sec-error-not-fortezza-issuer = Peer FORTEZZA chain has a non-FORTEZZA Certificate.
+sec-error-cannot-move-sensitive-key = A sensitive key cannot be moved to the slot where it is needed.
+sec-error-js-invalid-module-name = Invalid module name.
+sec-error-js-invalid-dll = Invalid module path/filename
+sec-error-js-add-mod-failure = Unable to add module
+sec-error-js-del-mod-failure = Unable to delete module
+sec-error-old-krl = New KRL is not later than the current one.
+sec-error-ckl-conflict = New CKL has different issuer than current CKL. Delete current CKL.
+sec-error-cert-not-in-name-space = The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
+sec-error-krl-not-yet-valid = The key revocation list for this certificate is not yet valid.
+sec-error-crl-not-yet-valid = The certificate revocation list for this certificate is not yet valid.
+sec-error-unknown-cert = The requested certificate could not be found.
+sec-error-unknown-signer = The signer’s certificate could not be found.
+sec-error-cert-bad-access-location = The location for the certificate status server has invalid format.
+sec-error-ocsp-unknown-response-type = The OCSP response cannot be fully decoded; it is of an unknown type.
+sec-error-ocsp-bad-http-response = The OCSP server returned unexpected/invalid HTTP data.
+sec-error-ocsp-malformed-request = The OCSP server found the request to be corrupted or improperly formed.
+sec-error-ocsp-server-error = The OCSP server experienced an internal error.
+sec-error-ocsp-try-server-later = The OCSP server suggests trying again later.
+sec-error-ocsp-request-needs-sig = The OCSP server requires a signature on this request.
+sec-error-ocsp-unauthorized-request = The OCSP server has refused this request as unauthorized.
+sec-error-ocsp-unknown-response-status = The OCSP server returned an unrecognizable status.
+sec-error-ocsp-unknown-cert = The OCSP server has no status for the certificate.
+sec-error-ocsp-not-enabled = You must enable OCSP before performing this operation.
+sec-error-ocsp-no-default-responder = You must set the OCSP default responder before performing this operation.
+sec-error-ocsp-malformed-response = The response from the OCSP server was corrupted or improperly formed.
+sec-error-ocsp-unauthorized-response = The signer of the OCSP response is not authorized to give status for this certificate.
+sec-error-ocsp-future-response = The OCSP response is not yet valid (contains a date in the future).
+sec-error-ocsp-old-response = The OCSP response contains out-of-date information.
+sec-error-digest-not-found = The CMS or PKCS #7 Digest was not found in signed message.
+sec-error-unsupported-message-type = The CMS or PKCS #7 Message type is unsupported.
+sec-error-module-stuck = PKCS #11 module could not be removed because it is still in use.
+sec-error-bad-template = Could not decode ASN.1 data. Specified template was invalid.
+sec-error-crl-not-found = No matching CRL was found.
+sec-error-reused-issuer-and-serial = You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
+sec-error-busy = NSS could not shutdown. Objects are still in use.
+sec-error-extra-input = DER-encoded message contained extra unused data.
+sec-error-unsupported-elliptic-curve = Unsupported elliptic curve.
+sec-error-unsupported-ec-point-form = Unsupported elliptic curve point form.
+sec-error-unrecognized-oid = Unrecognized Object Identifier.
+sec-error-ocsp-invalid-signing-cert = Invalid OCSP signing certificate in OCSP response.
+sec-error-revoked-certificate-crl = Certificate is revoked in issuer’s certificate revocation list.
+sec-error-revoked-certificate-ocsp = Issuer’s OCSP responder reports certificate is revoked.
+sec-error-crl-invalid-version = Issuer’s Certificate Revocation List has an unknown version number.
+sec-error-crl-v1-critical-extension = Issuer’s V1 Certificate Revocation List has a critical extension.
+sec-error-crl-unknown-critical-extension = Issuer’s V2 Certificate Revocation List has an unknown critical extension.
+sec-error-unknown-object-type = Unknown object type specified.
+sec-error-incompatible-pkcs11 = PKCS #11 driver violates the spec in an incompatible way.
+sec-error-no-event = No new slot event is available at this time.
+sec-error-crl-already-exists = CRL already exists.
+sec-error-not-initialized = NSS is not initialized.
+sec-error-token-not-logged-in = The operation failed because the PKCS#11 token is not logged in.
+sec-error-ocsp-responder-cert-invalid = Configured OCSP responder’s certificate is invalid.
+sec-error-ocsp-bad-signature = OCSP response has an invalid signature.
+sec-error-out-of-search-limits = Cert validation search is out of search limits
+sec-error-invalid-policy-mapping = Policy mapping contains anypolicy
+sec-error-policy-validation-failed = Cert chain fails policy validation
+sec-error-unknown-aia-location-type = Unknown location type in cert AIA extension
+sec-error-bad-http-response = Server returned bad HTTP response
+sec-error-bad-ldap-response = Server returned bad LDAP response
+sec-error-failed-to-encode-data = Failed to encode data with ASN1 encoder
+sec-error-bad-info-access-location = Bad information access location in cert extension
+sec-error-libpkix-internal = Libpkix internal error occurred during cert validation.
+sec-error-pkcs11-general-error = A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
+sec-error-pkcs11-function-failed = A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.
+sec-error-pkcs11-device-error = A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.
+sec-error-bad-info-access-method = Unknown information access method in certificate extension.
+sec-error-crl-import-failed = Error attempting to import a CRL.
+sec-error-expired-password = The password expired.
+sec-error-locked-password = The password is locked.
+sec-error-unknown-pkcs11-error = Unknown PKCS #11 error.
+sec-error-bad-crl-dp-url = Invalid or unsupported URL in CRL distribution point name.
+sec-error-cert-signature-algorithm-disabled = The certificate was signed using a signature algorithm that is disabled because it is not secure.
+mozilla-pkix-error-key-pinning-failure = The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.
+mozilla-pkix-error-ca-cert-used-as-end-entity = The server uses a certificate with a basic constraints extension identifying it as a certificate authority. For a properly-issued certificate, this should not be the case.
+mozilla-pkix-error-inadequate-key-size = The server presented a certificate with a key size that is too small to establish a secure connection.
+mozilla-pkix-error-v1-cert-used-as-ca = An X.509 version 1 certificate that is not a trust anchor was used to issue the server’s certificate. X.509 version 1 certificates are deprecated and should not be used to sign other certificates.
+mozilla-pkix-error-not-yet-valid-certificate = The server presented a certificate that is not yet valid.
+mozilla-pkix-error-not-yet-valid-issuer-certificate = A certificate that is not yet valid was used to issue the server’s certificate.
+mozilla-pkix-error-signature-algorithm-mismatch = The signature algorithm in the signature field of the certificate does not match the algorithm in its signatureAlgorithm field.
+mozilla-pkix-error-ocsp-response-for-cert-missing = The OCSP response does not include a status for the certificate being verified.
+mozilla-pkix-error-validity-too-long = The server presented a certificate that is valid for too long.
+mozilla-pkix-error-required-tls-feature-missing = A required TLS feature is missing.
+mozilla-pkix-error-invalid-integer-encoding = The server presented a certificate that contains an invalid encoding of an integer. Common causes include negative serial numbers, negative RSA moduli, and encodings that are longer than necessary.
+mozilla-pkix-error-empty-issuer-name = The server presented a certificate with an empty issuer distinguished name.
+mozilla-pkix-error-additional-policy-constraint-failed = An additional policy constraint failed when validating this certificate.
+mozilla-pkix-error-self-signed-cert = The certificate is not trusted because it is self-signed.

python/l10n/fluent_migrations/bug_1561443_aboutCertError2.py

@@ -0,0 +1,385 @@
+# coding=utf8
+
+# Any copyright is dedicated to the Public Domain.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+from __future__ import absolute_import
+import fluent.syntax.ast as FTL
+from fluent.migrate.helpers import transforms_from
+from fluent.migrate.helpers import VARIABLE_REFERENCE
+from fluent.migrate import COPY, REPLACE
+
+def migrate(ctx):
+	"""Bug 1561443 - Move _getErrorMessageFromCode from NetErrorChild.jsm to aboutNetError.js"""
+	ctx.add_transforms(
+                'browser/browser/nsserrors.ftl',
+		'browser/browser/nsserrors.ftl',
+	transforms_from(
+"""
+ssl-error-export-only-server = { COPY(from_path, "SSL_ERROR_EXPORT_ONLY_SERVER") }
+ssl-error-us-only-server = { COPY(from_path, "SSL_ERROR_US_ONLY_SERVER") }
+ssl-error-no-cypher-overlap = { COPY(from_path, "SSL_ERROR_NO_CYPHER_OVERLAP") }
+ssl-error-no-certificate = { COPY(from_path, "SSL_ERROR_NO_CERTIFICATE") }
+ssl-error-bad-certificate = { COPY(from_path, "SSL_ERROR_BAD_CERTIFICATE") }
+ssl-error-bad-client = { COPY(from_path, "SSL_ERROR_BAD_CLIENT") }
+ssl-error-bad-server = { COPY(from_path, "SSL_ERROR_BAD_SERVER") }
+ssl-error-unsupported-certificate-type = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE") }
+ssl-error-unsupported-version = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_VERSION") }
+ssl-error-wrong-certificate = { COPY(from_path, "SSL_ERROR_WRONG_CERTIFICATE") }
+ssl-error-bad-cert-domain = { COPY(from_path, "SSL_ERROR_BAD_CERT_DOMAIN") }
+ssl-error-post-warning = { COPY(from_path, "SSL_ERROR_POST_WARNING") }
+ssl-error-ssl2-disabled = { COPY(from_path, "SSL_ERROR_SSL2_DISABLED") }
+ssl-error-bad-mac-read = { COPY(from_path, "SSL_ERROR_BAD_MAC_READ") }
+ssl-error-bad-mac-alert = { COPY(from_path, "SSL_ERROR_BAD_MAC_ALERT") }
+ssl-error-bad-cert-alert = { COPY(from_path, "SSL_ERROR_BAD_CERT_ALERT") }
+ssl-error-revoked-cert-alert = { COPY(from_path, "SSL_ERROR_REVOKED_CERT_ALERT") }
+ssl-error-expired-cert-alert = { COPY(from_path, "SSL_ERROR_EXPIRED_CERT_ALERT") }
+ssl-error-ssl-disabled = { COPY(from_path, "SSL_ERROR_SSL_DISABLED") }
+ssl-error-fortezza-pqg = { COPY(from_path, "SSL_ERROR_FORTEZZA_PQG") }
+ssl-error-unknown-cipher-suite = { COPY(from_path, "SSL_ERROR_UNKNOWN_CIPHER_SUITE") }
+ssl-error-no-ciphers-supported = { COPY(from_path, "SSL_ERROR_NO_CIPHERS_SUPPORTED") }
+ssl-error-bad-block-padding = { COPY(from_path, "SSL_ERROR_BAD_BLOCK_PADDING") }
+ssl-error-rx-record-too-long = { COPY(from_path, "SSL_ERROR_RX_RECORD_TOO_LONG") }
+ssl-error-tx-record-too-long = { COPY(from_path, "SSL_ERROR_TX_RECORD_TOO_LONG") }
+ssl-error-rx-malformed-hello-request = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_HELLO_REQUEST") }
+ssl-error-rx-malformed-client-hello = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CLIENT_HELLO") }
+ssl-error-rx-malformed-server-hello = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_SERVER_HELLO") }
+ssl-error-rx-malformed-certificate = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CERTIFICATE") }
+ssl-error-rx-malformed-server-key-exch = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH") }
+ssl-error-rx-malformed-cert-request = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CERT_REQUEST") }
+ssl-error-rx-malformed-hello-done = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_HELLO_DONE") }
+ssl-error-rx-malformed-cert-verify = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CERT_VERIFY") }
+ssl-error-rx-malformed-client-key-exch = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH") }
+ssl-error-rx-malformed-finished = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_FINISHED") }
+ssl-error-rx-malformed-change-cipher = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER") }
+ssl-error-rx-malformed-alert = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_ALERT") }
+ssl-error-rx-malformed-handshake = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_HANDSHAKE") }
+ssl-error-rx-malformed-application-data = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_APPLICATION_DATA") }
+ssl-error-rx-unexpected-hello-request = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST") }
+ssl-error-rx-unexpected-client-hello = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO") }
+ssl-error-rx-unexpected-server-hello = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO") }
+ssl-error-rx-unexpected-certificate = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CERTIFICATE") }
+ssl-error-rx-unexpected-server-key-exch = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH") }
+ssl-error-rx-unexpected-cert-request = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST") }
+ssl-error-rx-unexpected-hello-done = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_HELLO_DONE") }
+ssl-error-rx-unexpected-cert-verify = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY") }
+ssl-error-rx-unexpected-client-key-exch = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH") }
+ssl-error-rx-unexpected-finished = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_FINISHED") }
+ssl-error-rx-unexpected-change-cipher = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER") }
+ssl-error-rx-unexpected-alert = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_ALERT") }
+ssl-error-rx-unexpected-handshake = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_HANDSHAKE") }
+ssl-error-rx-unexpected-application-data = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA") }
+ssl-error-rx-unknown-record-type = { COPY(from_path, "SSL_ERROR_RX_UNKNOWN_RECORD_TYPE") }
+ssl-error-rx-unknown-handshake = { COPY(from_path, "SSL_ERROR_RX_UNKNOWN_HANDSHAKE") }
+ssl-error-rx-unknown-alert = { COPY(from_path, "SSL_ERROR_RX_UNKNOWN_ALERT") }
+ssl-error-close-notify-alert = { COPY(from_path, "SSL_ERROR_CLOSE_NOTIFY_ALERT") }
+ssl-error-handshake-unexpected-alert = { COPY(from_path, "SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT") }
+ssl-error-decompression-failure-alert = { COPY(from_path, "SSL_ERROR_DECOMPRESSION_FAILURE_ALERT") }
+ssl-error-handshake-failure-alert = { COPY(from_path, "SSL_ERROR_HANDSHAKE_FAILURE_ALERT") }
+ssl-error-illegal-parameter-alert = { COPY(from_path, "SSL_ERROR_ILLEGAL_PARAMETER_ALERT") }
+ssl-error-unsupported-cert-alert = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_CERT_ALERT") }
+ssl-error-certificate-unknown-alert = { COPY(from_path, "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT") }
+ssl-error-generate-random-failure = { COPY(from_path, "SSL_ERROR_GENERATE_RANDOM_FAILURE") }
+ssl-error-sign-hashes-failure = { COPY(from_path, "SSL_ERROR_SIGN_HASHES_FAILURE") }
+ssl-error-extract-public-key-failure = { COPY(from_path, "SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE") }
+ssl-error-server-key-exchange-failure = { COPY(from_path, "SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE") }
+ssl-error-client-key-exchange-failure = { COPY(from_path, "SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE") }
+ssl-error-encryption-failure = { COPY(from_path, "SSL_ERROR_ENCRYPTION_FAILURE") }
+ssl-error-decryption-failure = { COPY(from_path, "SSL_ERROR_DECRYPTION_FAILURE") }
+ssl-error-socket-write-failure = { COPY(from_path, "SSL_ERROR_SOCKET_WRITE_FAILURE") }
+ssl-error-md5-digest-failure = { COPY(from_path, "SSL_ERROR_MD5_DIGEST_FAILURE") }
+ssl-error-sha-digest-failure = { COPY(from_path, "SSL_ERROR_SHA_DIGEST_FAILURE") }
+ssl-error-mac-computation-failure = { COPY(from_path, "SSL_ERROR_MAC_COMPUTATION_FAILURE") }
+ssl-error-sym-key-context-failure = { COPY(from_path, "SSL_ERROR_SYM_KEY_CONTEXT_FAILURE") }
+ssl-error-sym-key-unwrap-failure = { COPY(from_path, "SSL_ERROR_SYM_KEY_UNWRAP_FAILURE") }
+ssl-error-pub-key-size-limit-exceeded = { COPY(from_path, "SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED") }
+ssl-error-iv-param-failure = { COPY(from_path, "SSL_ERROR_IV_PARAM_FAILURE") }
+ssl-error-init-cipher-suite-failure = { COPY(from_path, "SSL_ERROR_INIT_CIPHER_SUITE_FAILURE") }
+ssl-error-session-key-gen-failure = { COPY(from_path, "SSL_ERROR_SESSION_KEY_GEN_FAILURE") }
+ssl-error-no-server-key-for-alg = { COPY(from_path, "SSL_ERROR_NO_SERVER_KEY_FOR_ALG") }
+ssl-error-token-insertion-removal = { COPY(from_path, "SSL_ERROR_TOKEN_INSERTION_REMOVAL") }
+ssl-error-token-slot-not-found = { COPY(from_path, "SSL_ERROR_TOKEN_SLOT_NOT_FOUND") }
+ssl-error-no-compression-overlap = { COPY(from_path, "SSL_ERROR_NO_COMPRESSION_OVERLAP") }
+ssl-error-handshake-not-completed = { COPY(from_path, "SSL_ERROR_HANDSHAKE_NOT_COMPLETED") }
+ssl-error-bad-handshake-hash-value = { COPY(from_path, "SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE") }
+ssl-error-cert-kea-mismatch = { COPY(from_path, "SSL_ERROR_CERT_KEA_MISMATCH") }
+ssl-error-no-trusted-ssl-client-ca = { COPY(from_path, "SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA") }
+ssl-error-session-not-found = { COPY(from_path, "SSL_ERROR_SESSION_NOT_FOUND") }
+ssl-error-decryption-failed-alert = { COPY(from_path, "SSL_ERROR_DECRYPTION_FAILED_ALERT") }
+ssl-error-record-overflow-alert = { COPY(from_path, "SSL_ERROR_RECORD_OVERFLOW_ALERT") }
+ssl-error-unknown-ca-alert = { COPY(from_path, "SSL_ERROR_UNKNOWN_CA_ALERT") }
+ssl-error-access-denied-alert = { COPY(from_path, "SSL_ERROR_ACCESS_DENIED_ALERT") }
+ssl-error-decode-error-alert = { COPY(from_path, "SSL_ERROR_DECODE_ERROR_ALERT") }
+ssl-error-decrypt-error-alert = { COPY(from_path, "SSL_ERROR_DECRYPT_ERROR_ALERT") }
+ssl-error-export-restriction-alert = { COPY(from_path, "SSL_ERROR_EXPORT_RESTRICTION_ALERT") }
+ssl-error-protocol-version-alert = { COPY(from_path, "SSL_ERROR_PROTOCOL_VERSION_ALERT") }
+ssl-error-insufficient-security-alert = { COPY(from_path, "SSL_ERROR_INSUFFICIENT_SECURITY_ALERT") }
+ssl-error-internal-error-alert = { COPY(from_path, "SSL_ERROR_INTERNAL_ERROR_ALERT") }
+ssl-error-user-canceled-alert = { COPY(from_path, "SSL_ERROR_USER_CANCELED_ALERT") }
+ssl-error-no-renegotiation-alert = { COPY(from_path, "SSL_ERROR_NO_RENEGOTIATION_ALERT") }
+ssl-error-server-cache-not-configured = { COPY(from_path, "SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED") }
+ssl-error-unsupported-extension-alert = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT") }
+ssl-error-certificate-unobtainable-alert = { COPY(from_path, "SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT") }
+ssl-error-unrecognized-name-alert = { COPY(from_path, "SSL_ERROR_UNRECOGNIZED_NAME_ALERT") }
+ssl-error-bad-cert-status-response-alert = { COPY(from_path, "SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT") }
+ssl-error-bad-cert-hash-value-alert = { COPY(from_path, "SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT") }
+ssl-error-rx-unexpected-new-session-ticket = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET") }
+ssl-error-rx-malformed-new-session-ticket = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET") }
+ssl-error-decompression-failure = { COPY(from_path, "SSL_ERROR_DECOMPRESSION_FAILURE") }
+ssl-error-renegotiation-not-allowed = { COPY(from_path, "SSL_ERROR_RENEGOTIATION_NOT_ALLOWED") }
+ssl-error-unsafe-negotiation = { COPY(from_path, "SSL_ERROR_UNSAFE_NEGOTIATION") }
+ssl-error-rx-unexpected-uncompressed-record = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD") }
+ssl-error-weak-server-ephemeral-dh-key = { COPY(from_path, "SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY") }
+ssl-error-next-protocol-data-invalid = { COPY(from_path, "SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID") }
+ssl-error-feature-not-supported-for-ssl2 = { COPY(from_path, "SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2") }
+ssl-error-feature-not-supported-for-servers = { COPY(from_path, "SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS") }
+ssl-error-feature-not-supported-for-clients = { COPY(from_path, "SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS") }
+ssl-error-invalid-version-range = { COPY(from_path, "SSL_ERROR_INVALID_VERSION_RANGE") }
+ssl-error-cipher-disallowed-for-version = { COPY(from_path, "SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION") }
+ssl-error-rx-malformed-hello-verify-request = { COPY(from_path, "SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST") }
+ssl-error-rx-unexpected-hello-verify-request = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST") }
+ssl-error-feature-not-supported-for-version = { COPY(from_path, "SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION") }
+ssl-error-rx-unexpected-cert-status = { COPY(from_path, "SSL_ERROR_RX_UNEXPECTED_CERT_STATUS") }
+ssl-error-unsupported-hash-algorithm = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM") }
+ssl-error-digest-failure = { COPY(from_path, "SSL_ERROR_DIGEST_FAILURE") }
+ssl-error-incorrect-signature-algorithm = { COPY(from_path, "SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM") }
+ssl-error-next-protocol-no-callback = { COPY(from_path, "SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK") }
+ssl-error-next-protocol-no-protocol = { COPY(from_path, "SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL") }
+ssl-error-inappropriate-fallback-alert = { COPY(from_path, "SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT") }
+ssl-error-weak-server-cert-key = { COPY(from_path, "SSL_ERROR_WEAK_SERVER_CERT_KEY") }
+ssl-error-rx-short-dtls-read = { COPY(from_path, "SSL_ERROR_RX_SHORT_DTLS_READ") }
+ssl-error-no-supported-signature-algorithm = { COPY(from_path, "SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM") }
+ssl-error-unsupported-signature-algorithm = { COPY(from_path, "SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM") }
+ssl-error-missing-extended-master-secret = { COPY(from_path, "SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET") }
+ssl-error-unexpected-extended-master-secret = { COPY(from_path, "SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET") }
+sec-error-io = { COPY(from_path, "SEC_ERROR_IO") }
+sec-error-library-failure = { COPY(from_path, "SEC_ERROR_LIBRARY_FAILURE") }
+sec-error-bad-data = { COPY(from_path, "SEC_ERROR_BAD_DATA") }
+sec-error-output-len = { COPY(from_path, "SEC_ERROR_OUTPUT_LEN") }
+sec-error-input-len = { COPY(from_path, "SEC_ERROR_INPUT_LEN") }
+sec-error-invalid-args = { COPY(from_path, "SEC_ERROR_INVALID_ARGS") }
+sec-error-invalid-algorithm = { COPY(from_path, "SEC_ERROR_INVALID_ALGORITHM") }
+sec-error-invalid-ava = { COPY(from_path, "SEC_ERROR_INVALID_AVA") }
+sec-error-invalid-time = { COPY(from_path, "SEC_ERROR_INVALID_TIME") }
+sec-error-bad-der = { COPY(from_path, "SEC_ERROR_BAD_DER") }
+sec-error-bad-signature = { COPY(from_path, "SEC_ERROR_BAD_SIGNATURE") }
+sec-error-expired-certificate = { COPY(from_path, "SEC_ERROR_EXPIRED_CERTIFICATE") }
+sec-error-revoked-certificate = { COPY(from_path, "SEC_ERROR_REVOKED_CERTIFICATE") }
+sec-error-unknown-issuer = { COPY(from_path, "SEC_ERROR_UNKNOWN_ISSUER") }
+sec-error-bad-key = { COPY(from_path, "SEC_ERROR_BAD_KEY") }
+sec-error-bad-password = { COPY(from_path, "SEC_ERROR_BAD_PASSWORD") }
+sec-error-retry-password = { COPY(from_path, "SEC_ERROR_RETRY_PASSWORD") }
+sec-error-no-nodelock = { COPY(from_path, "SEC_ERROR_NO_NODELOCK") }
+sec-error-bad-database = { COPY(from_path, "SEC_ERROR_BAD_DATABASE") }
+sec-error-no-memory = { COPY(from_path, "SEC_ERROR_NO_MEMORY") }
+sec-error-untrusted-issuer = { COPY(from_path, "SEC_ERROR_UNTRUSTED_ISSUER") }
+sec-error-untrusted-cert = { COPY(from_path, "SEC_ERROR_UNTRUSTED_CERT") }
+sec-error-duplicate-cert = { COPY(from_path, "SEC_ERROR_DUPLICATE_CERT") }
+sec-error-duplicate-cert-name = { COPY(from_path, "SEC_ERROR_DUPLICATE_CERT_NAME") }
+sec-error-adding-cert = { COPY(from_path, "SEC_ERROR_ADDING_CERT") }
+sec-error-filing-key = { COPY(from_path, "SEC_ERROR_FILING_KEY") }
+sec-error-no-key = { COPY(from_path, "SEC_ERROR_NO_KEY") }
+sec-error-cert-valid = { COPY(from_path, "SEC_ERROR_CERT_VALID") }
+sec-error-cert-not-valid = { COPY(from_path, "SEC_ERROR_CERT_NOT_VALID") }
+sec-error-cert-no-response = { COPY(from_path, "SEC_ERROR_CERT_NO_RESPONSE") }
+sec-error-expired-issuer-certificate = { COPY(from_path, "SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE") }
+sec-error-crl-expired = { COPY(from_path, "SEC_ERROR_CRL_EXPIRED") }
+sec-error-crl-bad-signature = { COPY(from_path, "SEC_ERROR_CRL_BAD_SIGNATURE") }
+sec-error-crl-invalid = { COPY(from_path, "SEC_ERROR_CRL_INVALID") }
+sec-error-extension-value-invalid = { COPY(from_path, "SEC_ERROR_EXTENSION_VALUE_INVALID") }
+sec-error-extension-not-found = { COPY(from_path, "SEC_ERROR_EXTENSION_NOT_FOUND") }
+sec-error-ca-cert-invalid = { COPY(from_path, "SEC_ERROR_CA_CERT_INVALID") }
+sec-error-path-len-constraint-invalid = { COPY(from_path, "SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID") }
+sec-error-cert-usages-invalid = { COPY(from_path, "SEC_ERROR_CERT_USAGES_INVALID") }
+sec-internal-only = { COPY(from_path, "SEC_INTERNAL_ONLY") }
+sec-error-invalid-key = { COPY(from_path, "SEC_ERROR_INVALID_KEY") }
+sec-error-unknown-critical-extension = { COPY(from_path, "SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION") }
+sec-error-old-crl = { COPY(from_path, "SEC_ERROR_OLD_CRL") }
+sec-error-no-email-cert = { COPY(from_path, "SEC_ERROR_NO_EMAIL_CERT") }
+sec-error-no-recipient-certs-query = { COPY(from_path, "SEC_ERROR_NO_RECIPIENT_CERTS_QUERY") }
+sec-error-not-a-recipient = { COPY(from_path, "SEC_ERROR_NOT_A_RECIPIENT") }
+sec-error-pkcs7-keyalg-mismatch = { COPY(from_path, "SEC_ERROR_PKCS7_KEYALG_MISMATCH") }
+sec-error-pkcs7-bad-signature = { COPY(from_path, "SEC_ERROR_PKCS7_BAD_SIGNATURE") }
+sec-error-unsupported-keyalg = { COPY(from_path, "SEC_ERROR_UNSUPPORTED_KEYALG") }
+sec-error-decryption-disallowed = { COPY(from_path, "SEC_ERROR_DECRYPTION_DISALLOWED") }
+xp-sec-fortezza-bad-card = { COPY(from_path, "XP_SEC_FORTEZZA_BAD_CARD") }
+xp-sec-fortezza-no-card = { COPY(from_path, "XP_SEC_FORTEZZA_NO_CARD") }
+xp-sec-fortezza-none-selected = { COPY(from_path, "XP_SEC_FORTEZZA_NONE_SELECTED") }
+xp-sec-fortezza-more-info = { COPY(from_path, "XP_SEC_FORTEZZA_MORE_INFO") }
+xp-sec-fortezza-person-not-found = { COPY(from_path, "XP_SEC_FORTEZZA_PERSON_NOT_FOUND") }
+xp-sec-fortezza-no-more-info = { COPY(from_path, "XP_SEC_FORTEZZA_NO_MORE_INFO") }
+xp-sec-fortezza-bad-pin = { COPY(from_path, "XP_SEC_FORTEZZA_BAD_PIN") }
+xp-sec-fortezza-person-error = { COPY(from_path, "XP_SEC_FORTEZZA_PERSON_ERROR") }
+sec-error-no-krl = { COPY(from_path, "SEC_ERROR_NO_KRL") }
+sec-error-krl-expired = { COPY(from_path, "SEC_ERROR_KRL_EXPIRED") }
+sec-error-krl-bad-signature = { COPY(from_path, "SEC_ERROR_KRL_BAD_SIGNATURE") }
+sec-error-revoked-key = { COPY(from_path, "SEC_ERROR_REVOKED_KEY") }
+sec-error-krl-invalid = { COPY(from_path, "SEC_ERROR_KRL_INVALID") }
+sec-error-need-random = { COPY(from_path, "SEC_ERROR_NEED_RANDOM") }
+sec-error-no-module = { COPY(from_path, "SEC_ERROR_NO_MODULE") }
+sec-error-no-token = { COPY(from_path, "SEC_ERROR_NO_TOKEN") }
+sec-error-read-only = { COPY(from_path, "SEC_ERROR_READ_ONLY") }
+sec-error-no-slot-selected = { COPY(from_path, "SEC_ERROR_NO_SLOT_SELECTED") }
+sec-error-cert-nickname-collision = { COPY(from_path, "SEC_ERROR_CERT_NICKNAME_COLLISION") }
+sec-error-key-nickname-collision = { COPY(from_path, "SEC_ERROR_KEY_NICKNAME_COLLISION") }
+sec-error-safe-not-created = { COPY(from_path, "SEC_ERROR_SAFE_NOT_CREATED") }
+sec-error-baggage-not-created = { COPY(from_path, "SEC_ERROR_BAGGAGE_NOT_CREATED") }
+xp-java-remove-principal-error = { COPY(from_path, "XP_JAVA_REMOVE_PRINCIPAL_ERROR") }
+xp-java-delete-privilege-error = { COPY(from_path, "XP_JAVA_DELETE_PRIVILEGE_ERROR") }
+xp-java-cert-not-exists-error = { COPY(from_path, "XP_JAVA_CERT_NOT_EXISTS_ERROR") }
+sec-error-bad-export-algorithm = { COPY(from_path, "SEC_ERROR_BAD_EXPORT_ALGORITHM") }
+sec-error-exporting-certificates = { COPY(from_path, "SEC_ERROR_EXPORTING_CERTIFICATES") }
+sec-error-importing-certificates = { COPY(from_path, "SEC_ERROR_IMPORTING_CERTIFICATES") }
+sec-error-pkcs12-decoding-pfx = { COPY(from_path, "SEC_ERROR_PKCS12_DECODING_PFX") }
+sec-error-pkcs12-invalid-mac = { COPY(from_path, "SEC_ERROR_PKCS12_INVALID_MAC") }
+sec-error-pkcs12-unsupported-mac-algorithm = { COPY(from_path, "SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM") }
+sec-error-pkcs12-unsupported-transport-mode = { COPY(from_path, "SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE") }
+sec-error-pkcs12-corrupt-pfx-structure = { COPY(from_path, "SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE") }
+sec-error-pkcs12-unsupported-pbe-algorithm = { COPY(from_path, "SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM") }
+sec-error-pkcs12-unsupported-version = { COPY(from_path, "SEC_ERROR_PKCS12_UNSUPPORTED_VERSION") }
+sec-error-pkcs12-privacy-password-incorrect = { COPY(from_path, "SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT") }
+sec-error-pkcs12-cert-collision = { COPY(from_path, "SEC_ERROR_PKCS12_CERT_COLLISION") }
+sec-error-user-cancelled = { COPY(from_path, "SEC_ERROR_USER_CANCELLED") }
+sec-error-pkcs12-duplicate-data = { COPY(from_path, "SEC_ERROR_PKCS12_DUPLICATE_DATA") }
+sec-error-message-send-aborted = { COPY(from_path, "SEC_ERROR_MESSAGE_SEND_ABORTED") }
+sec-error-inadequate-key-usage = { COPY(from_path, "SEC_ERROR_INADEQUATE_KEY_USAGE") }
+sec-error-inadequate-cert-type = { COPY(from_path, "SEC_ERROR_INADEQUATE_CERT_TYPE") }
+sec-error-cert-addr-mismatch = { COPY(from_path, "SEC_ERROR_CERT_ADDR_MISMATCH") }
+sec-error-pkcs12-unable-to-import-key = { COPY(from_path, "SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY") }
+sec-error-pkcs12-importing-cert-chain = { COPY(from_path, "SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN") }
+sec-error-pkcs12-unable-to-locate-object-by-name = { COPY(from_path, "SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME") }
+sec-error-pkcs12-unable-to-export-key = { COPY(from_path, "SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY") }
+sec-error-pkcs12-unable-to-write = { COPY(from_path, "SEC_ERROR_PKCS12_UNABLE_TO_WRITE") }
+sec-error-pkcs12-unable-to-read = { COPY(from_path, "SEC_ERROR_PKCS12_UNABLE_TO_READ") }
+sec-error-pkcs12-key-database-not-initialized = { COPY(from_path, "SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED") }
+sec-error-keygen-fail = { COPY(from_path, "SEC_ERROR_KEYGEN_FAIL") }
+sec-error-invalid-password = { COPY(from_path, "SEC_ERROR_INVALID_PASSWORD") }
+sec-error-retry-old-password = { COPY(from_path, "SEC_ERROR_RETRY_OLD_PASSWORD") }
+sec-error-bad-nickname = { COPY(from_path, "SEC_ERROR_BAD_NICKNAME") }
+sec-error-not-fortezza-issuer = { COPY(from_path, "SEC_ERROR_NOT_FORTEZZA_ISSUER") }
+sec-error-cannot-move-sensitive-key = { COPY(from_path, "SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY") }
+sec-error-js-invalid-module-name = { COPY(from_path, "SEC_ERROR_JS_INVALID_MODULE_NAME") }
+sec-error-js-invalid-dll = { COPY(from_path, "SEC_ERROR_JS_INVALID_DLL") }
+sec-error-js-add-mod-failure = { COPY(from_path, "SEC_ERROR_JS_ADD_MOD_FAILURE") }
+sec-error-js-del-mod-failure = { COPY(from_path, "SEC_ERROR_JS_DEL_MOD_FAILURE") }
+sec-error-old-krl = { COPY(from_path, "SEC_ERROR_OLD_KRL") }
+sec-error-ckl-conflict = { COPY(from_path, "SEC_ERROR_CKL_CONFLICT") }
+sec-error-cert-not-in-name-space = { COPY(from_path, "SEC_ERROR_CERT_NOT_IN_NAME_SPACE") }
+sec-error-krl-not-yet-valid = { COPY(from_path, "SEC_ERROR_KRL_NOT_YET_VALID") }
+sec-error-crl-not-yet-valid = { COPY(from_path, "SEC_ERROR_CRL_NOT_YET_VALID") }
+sec-error-unknown-cert = { COPY(from_path, "SEC_ERROR_UNKNOWN_CERT") }
+sec-error-unknown-signer = { COPY(from_path, "SEC_ERROR_UNKNOWN_SIGNER") }
+sec-error-cert-bad-access-location = { COPY(from_path, "SEC_ERROR_CERT_BAD_ACCESS_LOCATION") }
+sec-error-ocsp-unknown-response-type = { COPY(from_path, "SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE") }
+sec-error-ocsp-bad-http-response = { COPY(from_path, "SEC_ERROR_OCSP_BAD_HTTP_RESPONSE") }
+sec-error-ocsp-malformed-request = { COPY(from_path, "SEC_ERROR_OCSP_MALFORMED_REQUEST") }
+sec-error-ocsp-server-error = { COPY(from_path, "SEC_ERROR_OCSP_SERVER_ERROR") }
+sec-error-ocsp-try-server-later = { COPY(from_path, "SEC_ERROR_OCSP_TRY_SERVER_LATER") }
+sec-error-ocsp-request-needs-sig = { COPY(from_path, "SEC_ERROR_OCSP_REQUEST_NEEDS_SIG") }
+sec-error-ocsp-unauthorized-request = { COPY(from_path, "SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST") }
+sec-error-ocsp-unknown-response-status = { COPY(from_path, "SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS") }
+sec-error-ocsp-unknown-cert = { COPY(from_path, "SEC_ERROR_OCSP_UNKNOWN_CERT") }
+sec-error-ocsp-not-enabled = { COPY(from_path, "SEC_ERROR_OCSP_NOT_ENABLED") }
+sec-error-ocsp-no-default-responder = { COPY(from_path, "SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER") }
+sec-error-ocsp-malformed-response = { COPY(from_path, "SEC_ERROR_OCSP_MALFORMED_RESPONSE") }
+sec-error-ocsp-unauthorized-response = { COPY(from_path, "SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE") }
+sec-error-ocsp-future-response = { COPY(from_path, "SEC_ERROR_OCSP_FUTURE_RESPONSE") }
+sec-error-ocsp-old-response = { COPY(from_path, "SEC_ERROR_OCSP_OLD_RESPONSE") }
+sec-error-digest-not-found = { COPY(from_path, "SEC_ERROR_DIGEST_NOT_FOUND") }
+sec-error-unsupported-message-type = { COPY(from_path, "SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE") }
+sec-error-module-stuck = { COPY(from_path, "SEC_ERROR_MODULE_STUCK") }
+sec-error-bad-template = { COPY(from_path, "SEC_ERROR_BAD_TEMPLATE") }
+sec-error-crl-not-found = { COPY(from_path, "SEC_ERROR_CRL_NOT_FOUND") }
+sec-error-reused-issuer-and-serial = { COPY(from_path, "SEC_ERROR_REUSED_ISSUER_AND_SERIAL") }
+sec-error-busy = { COPY(from_path, "SEC_ERROR_BUSY") }
+sec-error-extra-input = { COPY(from_path, "SEC_ERROR_EXTRA_INPUT") }
+sec-error-unsupported-elliptic-curve = { COPY(from_path, "SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE") }
+sec-error-unsupported-ec-point-form = { COPY(from_path, "SEC_ERROR_UNSUPPORTED_EC_POINT_FORM") }
+sec-error-unrecognized-oid = { COPY(from_path, "SEC_ERROR_UNRECOGNIZED_OID") }
+sec-error-ocsp-invalid-signing-cert = { COPY(from_path, "SEC_ERROR_OCSP_INVALID_SIGNING_CERT") }
+sec-error-revoked-certificate-crl = { COPY(from_path, "SEC_ERROR_REVOKED_CERTIFICATE_CRL") }
+sec-error-revoked-certificate-ocsp = { COPY(from_path, "SEC_ERROR_REVOKED_CERTIFICATE_OCSP") }
+sec-error-crl-invalid-version = { COPY(from_path, "SEC_ERROR_CRL_INVALID_VERSION") }
+sec-error-crl-v1-critical-extension = { COPY(from_path, "SEC_ERROR_CRL_V1_CRITICAL_EXTENSION") }
+sec-error-crl-unknown-critical-extension = { COPY(from_path, "SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION") }
+sec-error-unknown-object-type = { COPY(from_path, "SEC_ERROR_UNKNOWN_OBJECT_TYPE") }
+sec-error-incompatible-pkcs11 = { COPY(from_path, "SEC_ERROR_INCOMPATIBLE_PKCS11") }
+sec-error-no-event = { COPY(from_path, "SEC_ERROR_NO_EVENT") }
+sec-error-crl-already-exists = { COPY(from_path, "SEC_ERROR_CRL_ALREADY_EXISTS") }
+sec-error-not-initialized = { COPY(from_path, "SEC_ERROR_NOT_INITIALIZED") }
+sec-error-token-not-logged-in = { COPY(from_path, "SEC_ERROR_TOKEN_NOT_LOGGED_IN") }
+sec-error-ocsp-responder-cert-invalid = { COPY(from_path, "SEC_ERROR_OCSP_RESPONDER_CERT_INVALID") }
+sec-error-ocsp-bad-signature = { COPY(from_path, "SEC_ERROR_OCSP_BAD_SIGNATURE") }
+sec-error-out-of-search-limits = { COPY(from_path, "SEC_ERROR_OUT_OF_SEARCH_LIMITS") }
+sec-error-invalid-policy-mapping = { COPY(from_path, "SEC_ERROR_INVALID_POLICY_MAPPING") }
+sec-error-policy-validation-failed = { COPY(from_path, "SEC_ERROR_POLICY_VALIDATION_FAILED") }
+sec-error-unknown-aia-location-type = { COPY(from_path, "SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE") }
+sec-error-bad-http-response = { COPY(from_path, "SEC_ERROR_BAD_HTTP_RESPONSE") }
+sec-error-bad-ldap-response = { COPY(from_path, "SEC_ERROR_BAD_LDAP_RESPONSE") }
+sec-error-failed-to-encode-data = { COPY(from_path, "SEC_ERROR_FAILED_TO_ENCODE_DATA") }
+sec-error-bad-info-access-location = { COPY(from_path, "SEC_ERROR_BAD_INFO_ACCESS_LOCATION") }
+sec-error-libpkix-internal = { COPY(from_path, "SEC_ERROR_LIBPKIX_INTERNAL") }
+sec-error-pkcs11-general-error = { COPY(from_path, "SEC_ERROR_PKCS11_GENERAL_ERROR") }
+sec-error-pkcs11-function-failed = { COPY(from_path, "SEC_ERROR_PKCS11_FUNCTION_FAILED") }
+sec-error-pkcs11-device-error = { COPY(from_path, "SEC_ERROR_PKCS11_DEVICE_ERROR") }
+sec-error-bad-info-access-method = { COPY(from_path, "SEC_ERROR_BAD_INFO_ACCESS_METHOD") }
+sec-error-crl-import-failed = { COPY(from_path, "SEC_ERROR_CRL_IMPORT_FAILED") }
+sec-error-expired-password = { COPY(from_path, "SEC_ERROR_EXPIRED_PASSWORD") }
+sec-error-locked-password = { COPY(from_path, "SEC_ERROR_LOCKED_PASSWORD") }
+sec-error-unknown-pkcs11-error = { COPY(from_path, "SEC_ERROR_UNKNOWN_PKCS11_ERROR") }
+sec-error-bad-crl-dp-url = { COPY(from_path, "SEC_ERROR_BAD_CRL_DP_URL") }
+sec-error-cert-signature-algorithm-disabled = { COPY(from_path, "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED") }
+mozilla-pkix-error-key-pinning-failure = { COPY(from_path, "MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE") }
+mozilla-pkix-error-ca-cert-used-as-end-entity = { COPY(from_path, "MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY") }
+mozilla-pkix-error-inadequate-key-size = { COPY(from_path, "MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE") }
+mozilla-pkix-error-v1-cert-used-as-ca = { COPY(from_path, "MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA") }
+mozilla-pkix-error-not-yet-valid-certificate = { COPY(from_path, "MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE") }
+mozilla-pkix-error-not-yet-valid-issuer-certificate = { COPY(from_path, "MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE") }
+mozilla-pkix-error-signature-algorithm-mismatch = { COPY(from_path, "MOZILLA_PKIX_ERROR_SIGNATURE_ALGORITHM_MISMATCH") }
+mozilla-pkix-error-ocsp-response-for-cert-missing = { COPY(from_path, "MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING") }
+mozilla-pkix-error-validity-too-long = { COPY(from_path, "MOZILLA_PKIX_ERROR_VALIDITY_TOO_LONG") }
+mozilla-pkix-error-required-tls-feature-missing = { COPY(from_path, "MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING") }
+mozilla-pkix-error-invalid-integer-encoding = { COPY(from_path, "MOZILLA_PKIX_ERROR_INVALID_INTEGER_ENCODING") }
+mozilla-pkix-error-empty-issuer-name = { COPY(from_path, "MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME") }
+mozilla-pkix-error-additional-policy-constraint-failed = { COPY(from_path, "MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED") }
+mozilla-pkix-error-self-signed-cert = { COPY(from_path, "MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT") }
+""", from_path="security/manager/chrome/pipnss/nsserrors.properties"))
+	ctx.add_transforms(
+		'browser/browser/nsserrors.ftl',
+		'browser/browser/nsserrors.ftl',
+		[
+			FTL.Message(
+				id=FTL.Identifier('ssl-connection-error'),
+				value=REPLACE(
+					'security/manager/chrome/pipnss/pipnss.properties',
+					'SSLConnectionErrorPrefix2',
+					{
+						"%1$S": VARIABLE_REFERENCE("hostname"),
+						"%2$S": VARIABLE_REFERENCE("errorMessage"),
+						"\n": FTL.TextElement(""),
+					},
+					normalize_printf=True
+				),
+			),
+			FTL.Message(
+				id=FTL.Identifier('cert-error-code-prefix'),
+				value=REPLACE(
+					'security/manager/chrome/pipnss/pipnss.properties',
+					'certErrorCodePrefix3',
+					{
+						"%1$S": VARIABLE_REFERENCE("error"),
+					},
+					normalize_printf=True
+                                ),
+                        ),
+		]
+	)
+	ctx.add_transforms(
+                'browser/browser/nsserrors.ftl',
+                'browser/browser/nsserrors.ftl',
+	transforms_from(
+"""
+psmerr-ssl-disabled = { COPY(from_path, "PSMERR_SSL_Disabled") }
+psmerr-ssl2-disabled = { COPY(from_path, "PSMERR_SSL2_Disabled") }
+psmerr-hostreusedissuerandserial = { COPY(from_path, "PSMERR_HostReusedIssuerSerial") }
+""", from_path="security/manager/chrome/pipnss/pipnss.properties"))

toolkit/components/remotepagemanager/MessagePort.jsm

@@ -53,6 +53,14 @@ let RPMAccessManager = {
       getAppBuildID: ["yes"],
       recordTelemetryEvent: ["yes"],
     },
+    "about:neterror": {
+      getFormatURLPref: ["app.support.baseURL"],
+      getBoolPref: [
+        "security.ssl.errorReporting.enabled",
+        "security.ssl.errorReporting.automatic",
+        "security.certerror.hideAddException",
+      ],
+    },
     "about:privatebrowsing": {
       // "sendAsyncMessage": handled within AboutPrivateBrowsingHandler.jsm
       getFormatURLPref: ["app.support.baseURL"],
@@ -100,6 +108,9 @@ let RPMAccessManager = {
     if (uri.startsWith("about:certerror")) {
       uri = "about:certerror";
     }
+    if (uri.startsWith("about:neterror")) {
+      uri = "about:neterror";
+    }
 
     // check if there is an entry for that requestying URI in the accessMap;
     // if not, deny access.