Summary: Isode components write to logging streams when events occur.

Facility X509

X.509 system

Name Severity ID Description Action
add_cert_path detail 161 The Certificate Path has been returned to the calling function. None
algorithm_type_incompatible error 12 The certificate has a key type that's incompatible with the signature algorithm.
algorithm_type_unsupported error 13 Signed object uses an unsupported signature algorithm.
bad_decode_sig error 124 %1 could not decode the signature. None.
bad_encode error 120 %1: couldn't encode the operation to sign it None.
bit_string_error error 71 An internal error occurred. See other log entries for details.
build_time error 69 An internal error occurred. See other log entries for details.
cert_usage error 42 Digitally signed bind arguments and responses must have a certificate that permits that usage: the certificate should have the keyUsage extension, with at least the digitalSignature bit set.
cert_verify_fail error 9 Validation of a certificate failed.
certificate_issuer detail 59 The DN of the CA which issued the Certificate Information only
certificate_subject detail 187 The Subject of the Certificate Information only
certpath_encode_fail error 152 CertificationPath did not encode. None
certs detail 3 The number of certificates loaded from the x509 directory.
cic_sig_invalid error 176 The Message Token contains a content integrity check which ensures the message has been carried unchanged. This signature in the content integrity check has not been validated which means the signed content cannot be relied on. No reliance on the message content can be made.
cic_tbs_gen_failed error 177 An error occurred while generating the to be signed structure for the content integrity check. Look for messages earlier in the log file.
client_session detail 64 Information Only. An X509 client session is being established using this DN. None.
client_session_ok detail 65 Information Only. An X509 client session has been successfully established using this DN. None.
CML_error error 26 A CML function returned an error code.
cml_init_failure error 111 Initializing CML failed. Check other events for details.
config_parse_fail error 102 There was some error in reading the X.509 config file. This file can contain blank lines, comments (lines beginning with #), and lines beginning "ldap_host ", "ldap_port ", "check_crl ". ldap_host has to be followed by a host name (or IP address), ldap_port by a number, and check_crl by "yes" or "no". (That description uses double quotes to indicate literal text, no double quotes should appear in the file.)
constr_msg_tok_enc_err error 160 The X.509 subsystem was unable to encode the PEPSY structure. None
constr_msg_tok_fail error 188 The X.509 sub-system was unable to generate the Message Token. See earlier log message for possible reasons
constr_msg_tok_ok information 163 The X.509 subsystem has successfully generated a MessageToken for this recipient of the message None
constr_msg_tok_sig_ok detail 159 The X.509 sub-system was able to generate the Message Token. None
cpath_error error 74 An error occurred while constructing the certificate path to put into the strong credentials. See other log entries for details.
create_pubkey_fail error 10 We failed to create a public key object.
crl_off warning 105 Certificates (received in strong authentication or signed operations) will not be checked against current CRLs. So certificates that have been revoked may be regarded as still valid.
crl_on information 104 Certificates (received in strong authentication or signed operations) will be checked against current CRLs.
crls_off warning 99 Information Only. CRL checking is enabled in the CML library.
crls_on information 98 Information Only. CRL checking is enabled in the CML library.
del_env_recip information 170 Reports the value of the recipient in the delivery envelope. None - information only.
disabled error 19 Source release was built with the X.509 functionality disabled.
DLOpenFail warning 1 X.509 shared object failed to load.
dn_match_error error 85 The DN in the StrongCredentials does not match the DN in the Certificate. Configure the remote end to use the Certificate to create correct Strong Credentials.
dn_match_ok detail 93 The DN in the strong bind and the DN of the MTA must match. This message logs the fact that they do. None.
dn_match_op detail 86 The DN in the StrongCredentials matches the DN in the Certificate. None.
do_check_strong detail 77 Information only. None.
do_strong detail 75 Information only. None.
done_check_strong detail 78 Information only. None.
done_strong detail 76 Information only. None.
done_strong_check information 189 Information only. None.
dsa_sig_decode_fail error 47 DSA signatures have a particular format: they're BER (usually DER) encoded SEQUENCE {INTEGER, INTEGER}, where each INTEGER is 20 octets long. One was received which failed to decode.
dsa_sig_encode_fail error 48 Failure while encoding DSA signature (probably out of memory).
dsapverify information 15 Verification succeeded.
dsp_missing_sig error 125 %1 was called with the DSP operation missing a mandatory signature. None.
dump_gen_sig_pe detail 61 Describes the directory into which the generated signature is written. Debug Information only. This can be compared with the signature from the MOAC
dump_sig_pe detail 60 Describes the directory into which the MOAC signature is written. Debug Information only. This can be compared with the generated signature
enc_atb error 72 An internal error occurred. See other log entries for details.
enc_error error 73 An internal error occurred while encoding a PE. See other log entries for details.
entropy error 32 RAND_status returned an error, which probably indicates insufficient entropy. On Unix, this is likely to happen because /dev/urandom is not present or readable.
fail_to_get_orig_cert error 174 The originator certificate which we use to check the signature cannot be found in the multiple originator certificates extension. Check the encoding sent by the remote UA.
function_not_found warning 45 A required function is missing from shared library.
function_unavailable warning 20 X.509 functionality is not available because initialization of it failed, and a function requiring it was called.
functions_not_implemented error 44 A shared object library was found, but it does not contain implementations of X.509 functions.
gdi detail 87 A Global Domain Identifier was found in the Strong Credentials. This value is ignored in this release.
gdi_in_token error 146 A GDI was supplied in the token to check against the locally configured value for our GDI, however the check was not carried out. This may indicate interworking problems with the remote MTA.
gen_cic_fail error 166 The content integrity check cannot be generated. See previous log messages.
gen_sig_ok detail 53 The MOAC for this message was successfully generated. Information only
gen_tok_sig_ok detail 168 The X.509 successfully generated the Token signature. None.
gen_tok_tbs_fail error 167 The X.509 subsystem failed to generate the Token to be signed. See previous log messages.
got_san_mta_gdi detail 190 Information only. None.
id_ok detail 68 Information Only. A trusted certificate for the ID has been found in the file name reported. None.
id_rej detail 67 Information Only. A trusted certificate for the ID has been found in the file name reported but cannot be used. None.
identities information 4 The number of identities loaded.
identity_chosen error 41 The application attempted to choose an identity (either default, or for a specific connection), but the identity has already been selected.
identity_found information 6 An identity was found for this DN.
identity_notfound error 7 An identity for this DN was requested, and none was found.
init_dir_ignored notice 158 x509_init_security() was passed a directory that does not exist or is not readable, so it will not be used. See earlier log message for possible reasons
init_mismatch error 142 x509_init_security is passed a directory. It can be called more than once, but only with the same directory each time (subsequent calls have no effect). Application error.
init_security detail 62 Information Only. The X509 security environment is being established using this ID. The ID is a filesystem directory in which a subdirectory named x509 contains the Digital Identities as a set of pkcs11 files. None.
init_security_ok detail 63 Information Only. The X509 security environment has been established using this ID. The ID is a filesystem directory in which a subdirectory named x509 contains the Digital Identities as a set of pkcs11 files. The number of Digital Identities found is also reported. None.
init_subject information 83 The StrongCredentials contained a Certificate and the Subject DN is reported. None.
initialization_fail notice 46 X.509 isn't available; this event message gives the reason.
inv_token error 94 The OID in the token of a strong P1 bind must be 2.6.3.6.0. Check configuration and presentation addresses
invalid_cert_sel error 179 The certificate selector which identifies the certificate to be used to check the Message Token signature is invalid. Check the encoding sent by the remote UA.
isode_error error 28 Some internal isode function was called, which returned an error.
missing_nonce_type error 128 %1 : The nonce type within the x509context is not set. None.
missing_security error 126 %1 was called without any SecurityParameters None.
missing_security_path error 127 %1 : The SecurityParameters provided don't contain a certificate path None.
missing_sig error 123 %1 was called with the operation missing a signature None.
moac_tbs_bs_gen_fail error 50 Failure while generating byte stream for MOAC TBS (probably out of memory). See other log entries for details.
moac_tbs_encode_fail error 49 Failure while encoding MOAC TBS (probably out of memory). See other log entries for details.
msg_tok_mem_alloc_err error 164 A memory allocation failure has occurred. The system has probably run out of resources. Check the system for processes which are hogging resources
mt_cic_verify_ok detail 185 Verified the signature of the content integrity check in the message token Information only
mt_sig_verify_ok detail 184 Verified the signature of the message token itself Information only
mt_verify_ok notice 186 Verified all of the Message Token successfully Information only
MTA_AsymmetricTokenBody_W pdu 113 P1 Bind with Strong Auth No Operator Action
mta_name_match_ok detail 91 Our MTA name in token. This value successfully checked against the value in the Strong Credentials. None.
mta_name_mismatch error 90 Our MTA name was found in the Strong Credentials. This value is checked against the local value. The two must match but did not match. Check configuration of both ends.
name_rejected error 197 A name (usually from a certificate) has a problem. The component is a number (counting from 0) indicating which part of the name has the problem, and the description indicates the problem, usually that the UTF8 conversion of the name component contains a NUL (but may also be some internal error in performing the check).
no error 97 The OID in the token of a strong P1 bind must be set to 2.6.3.6.0. Check configuration and presentation addresses
no_aet error 109 Cannot determine the name of the remote MTA. Contact Isode support.
no_aet_check detail 148 No AET was provided to check against the value in the token. The MTA has been configured not to check DN of the subject of the Certificate against the AET in the bind. This is configured in the X.400 channel using EMMA.
no_aet_error error 81 They did not provide an AET therefore we cannot accept their strong bind. Check the configuration of the remote end. Ensure it is connecting to the expected protocol server.
no_cert_ctx error 198 Some functions require a certificate context (a way to verify certificates). One was called without such a context (with the context NULL or with a session with a NULL context).
no_cert_sel error 178 The certificate selector which identifies the certificate to be used to check the Message Token signature is not present. Check the encoding sent by the remote UA.
no_certificate_sent error 11 We (currently) require a certificate with a bind, and none was sent.
no_config detail 140 Attempting to open the config file %s for the security environment. None - this is not an error.
no_current_identity warning 8 Application asked for the current identity, and there isn't one.
no_gdi detail 144 This release is not checking whether the GDI in the token matches the locally configured value for our GDI. None.
no_gdi_in_token detail 145 No GDI was supplied in the token to check against the locally configured value for our GDI. None.
no_id error 136 No Digital IDs found in the security environment can be used for this client session. Check that you have configured either a password for the application, or that a pass-phrase file has been created in the same directory as the P12 file, with the same name as the P12 file, with a .pphr suffix. Alternatively, you can set the private key in the P12 file so that it is not protected by a pass-phrase. For security reasons, this is not recommended.
no_identities warning 5 No identities were loaded, so no strong authentication will be possible.
no_mta_name error 88 No MTA name was found in the token. This value is mandatory. Check the configuration of the remote MTA.
no_mta_name_check detail 147 No MTAName was provided to check against the value in the token. This may indicate interworking problems with the remote MTA. This is an internal error which should be reported to Isode support.
no_orig_cert error 57 No Originator certificate found in the message envelope with which to verify the signature. Check the message as received in the Queue. Ensure that the sender constructed the message and signature correctly
no_peer_dn error 30 Attempting to construct a strong bind argument, but the argument lacks the dba_dn field, which should contain the DN of the entity we're attempting to connect to.
no_PKCS11_lib error 156 This may be because no library was specified in x509/config, or that the library failed to load. Contact Isode support
no_pphr detail 138 The attempt to open the passphrase for this Digital ID has failed. None.
no_pub_key error 84 The Certificate supplied does not contain a public key and cannot therefore be used for a strong bind. Configure the remote end to use a suitable Certificate.
no_public_key_in_orig_certificate error 58 Although an originator certificate is present in the message envelope, there is no public key available to use to verify the signature Check the message as received in the Queue. Ensure that the sender constructed the message and signature correctly
no_secenv error 143 x509_init_security must be passed a directory. Internal error.
no_serial_num_and_dn_match error 183 The serial number and issuer DN in certificate selector extension cannot be found in the multi-orig-certs extension. This means there is no certificate which can be used to verify the MessageToken signature. Check the encoding and configuration on the remote UA which sent the message.
no_token error 95 The OID in the token of a strong P1 bind must be set to 2.6.3.6.0. Check configuration and presentation addresses
noidentity error 22 Some functions require a session with an identity, and this one was called with a session without an identity.
nonce_badlen error 33 We require that a bind argument has 80 bits in random1, and that a bind response has 160 bits: the concatenation of the bind argument and a fresh 80 bit nonce.
nonce_mismatch error 34 We require that a bind response contain random1 which begins with the same bits as the original bind argument. This message failed that test.
nonce_replay error 40 An attempt was made to bind using a nonce which has already been used in a previous session.
nonce_unchecked error 37 We can't check nonces yet. This log is to warn that code needs to be filled in.
nosession error 21 Some functions require a session, and this one was called with the session set to NULL.
not_add_cert_path detail 162 The Certificate Path has not been returned to the calling function. None
not_using_ldap detail 101 LDAP certificate/CRL retrieval has been disabled.
null_nonce_checker error 39 We failed to initialise a nonce checker; this is fatal (for X.509), and no X.509 services will be available.
oid_err error 96 An internal error occurred performing str2oid(). Check other log messages.
oid_mismatch error 151 Some kinds of signed ASN.1 have the signature algorithm both inside the signed part, and outside. These two must match, and in this case they do not, so verification fails. Identify origin of the mismatched OIDs and report error
openssl_init_fail error 200 The OpenSSL initialisation has failed in some way.
opensslinit_fail warning 2 SSL_library_init returned a fail code
our_cert_serial_num information 169 Reports the value of the serial number in our certificate. None - information only.
our_mta_name detail 92 Our MTA name. This value is checked against the value in the Strong Credentials. None.
override_security_level notice 201
pe_decode_error error 80 The PE could not be decoded. See other log entries for details.
pe_error error 70 An internal error occurred. See other log entries for details.
PKCS11_error error 25 A PKCS#11 function returned an error code.
read_cert detail 66 Information Only. A certificate for the ID has been found in the file name reported. None.
read_config detail 139 Attempting to open the config file %s for the security environment. None.
read_config_ok detail 141 Successfully read the config file %s for the security environment. None.
read_pphr detail 112 The passphrase for the private key has been read from the passphrase file. The passphrase filename has the form p12filename.pphr. None.
report_serial_nums detail 180 The serial numbers of the originator certificate and multi-orig-certs are reported. If these and the issuer CA DNs match, this is the certificate to use to check the MessageToken signature. None - information only.
require_signed_ops information 117 The named connection is configured (probably using authcon) with the given settings for signed operations. Signed operations may be required for modification operations, and for non-modifying operations. None.
response_dn error 36 x509_dsapverify attempted to verify a bind response, but the response was signed by a key from a different entity.
san_gdi_matches information 191 Information only. None.
san_gdi_mismatch error 192 The subjectAltName in the Certificate in the bind contains a GDI which does not match the GDI configured in the AE for their MTA. None.
san_mta_matches information 193 Information only. None.
san_mta_mismatch error 194 The subjectAltName in the Certificate in the bind contains an MTAName which does not match the GDI configured in the AE for their MTA. None.
serial_nums_and_dns_match detail 182 The serial numbers of the originator certificate and multi-orig-certs are reported. These serial numbers and issuer CA DNs match, so this is the certificate to use to check the MessageToken signature. None - information only.
serial_nums_match detail 181 The serial numbers of the originator certificate and multi-orig-certs are reported. These serial numbers have been found to match so if the issuer CA DNs match, this is the certificate to use to check the MessageToken signature. None - information only.
set_sign_op_called information 134 This log message shows that set_sign_op is called, and logs its arguments None
shouldnt_sign_verify error 119 %1 called however the x509_context specifies no signing or verification should take place None.
sign_fail error 51 Failure while generating a signature for the message. See error code and other log entries for details.
Sign_fail error 18 C_Sign returned an error code.
sign_good detail 129 %1 : Generated signature for this operation ok None.
sign_op information 130 Indicates if an operation is to be signed. None
sign_op_unsupported error 133 Indicates if signing an operation is unsupported. None
SignInit_fail error 17 C_SignInit returned an error code.
slotcount error 24 For the moment, the slot count must be 1.
SRL_DB_error error 135 The error probably indicates the directory isn't writable. Or the files "srl_cert_cache.db" and/or "srl_crl_cache.db" are of some unrecognised format. Check (and change) directory permissions
SRL_error error 29 An SRL function was called, which returned an error.
srl_init_failed warning 103 Initializing SRL with the LDAP port and host given in the configuration file failed. So LDAP is disabled. (The application may reenable it.)
srl_init_total_failure error 110 Initializing SRL with no LDAP port and host failed. Check other events for details.
SRL_LDAP warning 114 SRL attempted an LDAP bind on initialisation, and it returned this error code.
their_aet detail 82 Informative: their AET. None.
their_cert_serial_num information 175 Reports the value of the serial number in their certificate. None - information only.
timestamp_from_token detail 106 Report the timestamp from the strong bind. This value to be checked against the current time, and if too old will cause the bind to be rejected. None.
tok_oid_ok information 171 Reports the value of the oid in the MessageToken None - information only.
token_age_new_ok detail 116 The token timestamp is less recent than the limit set. None.
token_age_old_ok detail 108 The token timestamp is more recent than the limit set. None.
token_decode_fail detail 14 Signed token couldn't be decoded.
token_encode_fail detail 16 Token couldn't be encoded.
token_expired error 31 A bind token was received that seems to have expired. This may be an attempt at replaying a bind token, or (probably more likely) indicates unacceptable clock skew between machines.
token_gdi_matches information 195 Information only. None.
token_gdi_mismatch error 196 The Message Token in the bind contains a GDI which does not match the GDI configured in the AE for our MTA. None.
token_life_too_long error 38 A bind token was received that wants to live too long (its expiry time is more than 40 minutes in the future). This isn't permitted (if unintentional, this may be due to clock skew).
token_mta_name detail 89 Our MTA name. This value is checked against the value of the mta name. None.
token_null_utc error 35 While trying to check a bind token or response for expiry, the expiry time couldn't be converted to UTC, preventing a check.
token_recip information 172 Reports the value of the recipient in the Message Token This should either be the same as the value in the delivery envelope, or the same as the first element of the redirection history.
token_recip_invalid error 173 Reports the type of name in the Message Token. This must be a recipient name. This should be a recipient name, but is not. You should check the encoding sent by the remote UA.
token_too_new error 115 The strong bind is rejected as the token timestamp is too far in the future. Ensure that the clocks on the two systems are set correctly. They need to be synchronised within 5 minutes of each other
token_too_old error 107 The strong bind is rejected as the token timestamp is older than the limit set. Ensure that the clocks on the two systems are set correctly. They need to be synchronised within 5 minutes of each other
trace_func detail 131 This log message shows which x509 functions have been called None
trusted_cert information 154 Adding the certificate as a trust anchor. None
trusted_cert_error error 43 While adding the trust anchors, an error was found for this certificate.
try_pphr detail 137 Attempting to open the passphrase for this Digital ID. The passphrase filename has the form p12filename.pphr. None.
unexpected_oid error 79 An invalid OID was in the token. Check the configuration of the remote end. Ensure it is connecting to the expected protocol server.
unknown_algorithm error 199 A signed bind or operation was received but with an unknown algorithm (the OID is given). Reconfigure the sender to use some algorithm that's supported, and report the issue to Isode support.
unknown_cert_oid error 27 We received a bind argument or response
unknown_key_type error 153 Some internal error occurred. Contact Isode support
unknown_op error 121 %1 was asked to sign an unknown operation None.
untrusted_cert detail 155 Adding the certificate to the database, for use in verifying certificates. None
use_signed_ops_before_init error 118 %1 called with operation or context as NULL None.
using_ldap detail 100 Using LDAP for certificate and CRL retrieval, with the logged host and port.
verify_detail error 150 Gives extended information about failure of certificate verification. Depends on the specific error.
verify_fail error 55 Failure while verifying the signature in the message. See error code and other log entries for details.
verify_failure error 149 The CML function to verify a certificate returned an error code. This may indicate an error in the PKI (a certificate or CRL not present, or expired), configuration (if something could not be retrieved), or some system failure (if it is a memory error). More information is likely to be available at higher logging levels (detail). Depends on the specific error.
verify_init_fail error 54 Failure while verifying the signature in the message. See error code and other log entries for details.
verify_ok detail 56 Verified the signature in the message / operation. Information only
verify_op information 132 Indicates if an operation is to be verified. None
wrong_oid error 165 The MessageToken must contain the correct OID and does not. Check the configuration of the remote UA which submitted the message
zero_len_sig_gen error 52 Failure while generating a signature for the message. See other log entries for details.

DLOpenFail

Message Text
  • Unable to load X.509 shared object %1 (%2)
Parameters
  1. library
  2. supplementary info
Description
X.509 shared object failed to load.
Action

opensslinit_fail

Message Text
  • SSL_library_init failed
Description
SSL_library_init returned a fail code
Action

certs

Message Text
  • Loaded %1 certificates
Parameters
  1. number
Description
The number of certificates loaded from the x509 directory.
Action

identities

Message Text
  • Loaded %1 identities
Parameters
  1. number
Description
The number of identities loaded.
Action

no_identities

Message Text
  • No identities loaded
Description
No identities were loaded, so no strong authentication will be possible.
Action

identity_found

Message Text
  • Found identity for %1
Parameters
  1. identity
Description
An identity was found for this DN.
Action

identity_notfound

Message Text
  • No identity found for %1
Parameters
  1. identity
Description
An identity for this DN was requested, and none was found.
Action

no_current_identity

Message Text
  • No current identity
Description
Application asked for the current identity, and there isn't one.
Action

cert_verify_fail

Message Text
  • Certificate verification failed, subject %1 reason %2
Parameters
  1. subject
  2. reason
Description
Validation of a certificate failed.
Action

create_pubkey_fail

Message Text
  • Failed to create %1 public key from a valid certificate, subject %2
Parameters
  1. type
  2. subject
Description
We failed to create a public key object.
Action

no_certificate_sent

Message Text
  • No certificate path in bind
Description
We (currently) require a certificate with a bind, and none was sent.
Action

algorithm_type_incompatible

Message Text
  • %1 key is incompatible with signature algorithm %2
Parameters
  1. type
  2. oid
Description
The certificate has a key type that's incompatible with the signature algorithm.
Action

algorithm_type_unsupported

Message Text
  • Signature algorithm unsupported
Description
Signed object uses an unsupported signature algorithm.
Action

token_decode_fail

Message Text
  • DAS_TokenToSign decode failed
Description
Signed token couldn't be decoded.
Action

dsapverify

Message Text
  • Bind signed by %1 verified
Parameters
  1. peer
Description
Verification succeeded.
Action

token_encode_fail

Message Text
  • DAS_TokenToSign encode failed
Description
Token couldn't be encoded.
Action

SignInit_fail

Message Text
  • C_SignInit failed
Description
C_SignInit returned an error code.
Action

Sign_fail

Message Text
  • C_Sign failed
Description
C_Sign returned an error code.
Action

disabled

Message Text
  • X509 disabled
Description
Source release was built with the X.509 functionality disabled.
Action

function_unavailable

Message Text
  • X509 function %1 called, but X.509 is disabled
Parameters
  1. function
Description
X.509 functionality is not available because initialization of it failed, and a function requiring it was called.
Action

nosession

Message Text
  • X509 function %1 called, but without a session
Parameters
  1. function
Description
Some functions require a session, and this one was called with the session set to NULL.
Action

noidentity

Message Text
  • X509 function %1 called, but the session has no identity
Parameters
  1. function
Description
Some functions require a session with an identity, and this one was called with a session without an identity.
Action

slotcount

Message Text
  • Slot count, %1, is not 1
Parameters
  1. slot count
Description
For the moment, the slot count must be 1.
Action

PKCS11_error

Message Text
  • PKCS#11 function %1 returned error code %2
Parameters
  1. function
  2. code
Description
A PKCS#11 function returned an error code.
Action

CML_error

Message Text
  • A CML function %1 returned an error code %2
Parameters
  1. function
  2. code
Description
A CML function returned an error code.
Action

unknown_cert_oid

Message Text
  • In function %1, algorithm %2 is not recognised
Parameters
  1. function
  2. oid
Description
We received a bind argument or response
Action

isode_error

Message Text
  • An internal function %1 was called which failed
Parameters
  1. function
Description
Some internal isode function was called, which returned an error.
Action

SRL_error

Message Text
  • An SRL function %1 was called which returned error code %2
Parameters
  1. function
  2. code
Description
An SRL function was called, which returned an error.
Action

no_peer_dn

Message Text
  • x509_dsapmkbind called with no peer dn set
Description
Attempting to construct a strong bind argument, but the argument lacks the dba_dn field, which should contain the DN of the entity we're attempting to connect to.
Action

token_expired

Message Text
  • Expired bind token, time now %1, token expiry time %2
Parameters
  1. time now
  2. expiry time
Description
A bind token was received that seems to have expired. This may be an attempt at replaying a bind token, or (probably more likely) indicates unacceptable clock skew between machines.
Action

entropy

Message Text
  • Insufficient entropy
Description
RAND_status returned an error, which probably indicates insufficient entropy. On Unix, this is likely to happen because /dev/urandom is not present or readable.
Action

nonce_badlen

Message Text
  • Nonce in a received bind or response has incorrect length %1
Parameters
  1. received length
Description
We require that a bind argument has 80 bits in random1, and that a bind response has 160 bits: the concatenation of the bind argument and a fresh 80 bit nonce.
Action

nonce_mismatch

Message Text
  • Nonce in a received response did not match bind argument
Description
We require that a bind response contain random1 which begins with the same bits as the original bind argument. This message failed that test.
Action

token_null_utc

Message Text
  • Failed to convert expiry time as UTC, %1
Parameters
  1. expiry time
Description
While trying to check a bind token or response for expiry, the expiry time couldn't be converted to UTC, preventing a check.
Action

response_dn

Message Text
  • Bind response which should have come from %1 was signed by %2
Parameters
  1. session dn
  2. response dn
Description
x509_dsapverify attempted to verify a bind response, but the response was signed by a key from a different entity.
Action

nonce_unchecked

Message Text
  • Bind argument contains a nonce, but we have no code to check the nonce
Description
We can't check nonces yet. This log is to warn that code needs to be filled in.
Action

token_life_too_long

Message Text
  • Bind token has too long a life, time now %1, token expiry time %2
Parameters
  1. time now
  2. expiry time
Description
A bind token was received that wants to live too long (its expiry time is more than 40 minutes in the future). This isn't permitted (if unintentional, this may be due to clock skew).
Action

null_nonce_checker

Message Text
  • Failed to create a nonce checker
Description
We failed to initialise a nonce checker; this is fatal (for X.509), and no X.509 services will be available.
Action

nonce_replay

Message Text
  • A nonce was received that had already been used
Description
An attempt was made to bind using a nonce which has already been used in a previous session.
Action

identity_chosen

Message Text
  • Application attempted to set identity to %1, but identity is already set to %2
Parameters
  1. new identity
  2. current identity
Description
The application attempted to choose an identity (either default, or for a specific connection), but the identity has already been selected.
Action

cert_usage

Message Text
  • Received signed bind/response with a certificate, subject %1, with keyUsage that doesn't include digitalSignature
Parameters
  1. subject
Description
Digitally signed bind arguments and responses must have a certificate that permits that usage: the certificate should have the keyUsage extension, with at least the digitalSignature bit set.
Action

trusted_cert_error

Message Text
  • Error in adding trust anchor <%1>, reason %2 [%3]
Parameters
  1. dn
  2. error detail
  3. extra info
Description
While adding the trust anchors, an error was found for this certificate.
Action

functions_not_implemented

Message Text
  • Functions not implemented in shared library %1
Parameters
  1. library
Description
A shared object library was found, but it does not contain implementations of X.509 functions.
Action

function_not_found

Message Text
  • Function %1 not found in shared library %2 (%3)
Parameters
  1. function
  2. library
  3. supplementary info
Description
A required function is missing from the shared library.
Action

initialization_fail

Message Text
  • X.509 initialization failed: %1
Parameters
  1. detail
Description
X.509 isn't available; this event message gives the reason.
Action

dsa_sig_decode_fail

Message Text
  • DSA signature failed to decode
Description
DSA signatures have a particular format: they're BER (usually DER) encoded SEQUENCE {INTEGER, INTEGER}, where each INTEGER is 20 octets long. One was received which failed to decode.
Action

dsa_sig_encode_fail

Message Text
  • DSA signature failed to encode
Description
Failure while encoding DSA signature (probably out of memory).
Action

moac_tbs_encode_fail

Message Text
  • Failed to encode ToBeSigned structure
Description
Failure while encoding MOAC TBS (probably out of memory).
Action
See other log entries for details.

moac_tbs_bs_gen_fail

Message Text
  • Failed to generate byte stream for ToBeSigned structure
Description
Failure while generating the byte stream for MOAC TBS (probably out of memory).
Action
See other log entries for details.

sign_fail

Message Text
  • Error returned by C_Sign when generating the signature: %1
Parameters
  1. C_Sign_retval
Description
Failure while generating a signature for the message.
Action
See error code and other log entries for details.

zero_len_sig_gen

Message Text
  • Failure while generating a signature - zero length signature generated
Description
Failure while generating a signature for the message.
Action
See other log entries for details.

gen_sig_ok

Message Text
  • Successfully generated signature for message
Description
The MOAC for this message was successfully generated.
Action
Information only

verify_init_fail

Message Text
  • Error returned by C_VerifyInit when preparing to verify the signature: %1
Parameters
  1. C_Sign_retval
Description
Failure while verifying the signature in the message.
Action
See error code and other log entries for details.

verify_fail

Message Text
  • Error returned by C_Verify when verifying the signature: %1
Parameters
  1. C_Sign_retval
Description
Failure while verifying the signature in the message.
Action
See error code and other log entries for details.

verify_ok

Message Text
  • Verified the signature in the message / operation successfully
Description
Verified the signature in the message / operation.
Action
Information only

no_orig_cert

Message Text
  • Cannot verify MOAC: no Originator certificate found in the message envelope
Description
No Originator certificate found in the message envelope with which to verify the signature.
Action
Check the message as received in the Queue. Ensure that the sender constructed the message and signature correctly

no_public_key_in_orig_certificate

Message Text
  • The originator certificate in the message does not contain a public key.
Description
Although an originator certificate is present in the message envelope, there is no public key available to use to verify the signature
Action
Check the message as received in the Queue. Ensure that the sender constructed the message and signature correctly

certificate_issuer

Message Text
  • Issuer of certificate is %1
Parameters
  1. detail
Description
The DN of the CA which issued the Certificate
Action
Information only

dump_sig_pe

Message Text
  • Dumping signature in MOAC into %1
Parameters
  1. dirname
Description
Describes the directory into which the MOAC signature is written.
Action
Debug Information only. This can be compared with the generated signature

dump_gen_sig_pe

Message Text
  • Dumping signature in MOAC into %1
Parameters
  1. dirname
Description
Describes the directory into which the generated signature is written.
Action
Debug Information only. This can be compared with the signature from the MOAC

init_security

Message Text
  • Initialising X.509 security environment: ID %1
Parameters
  1. id
Description
Information Only. The X509 security environment is being established using this ID. The ID is a filesystem directory in which a subdirectory named x509 contains the Digital Identities as a set of pkcs11 files.
Action
None.

init_security_ok

Message Text
  • Successfully initialised the X.509 security environment: ID %1, number of IDs %2
Parameters
  1. id
  2. numids
Description
Information Only. The X509 security environment has been established using this ID. The ID is a filesystem directory in which a subdirectory named x509 contains the Digital Identities as a set of pkcs11 files. The number of Digital Identities found is also reported.
Action
None.

client_session

Message Text
  • Creating client session: name %1
Parameters
  1. dn
Description
Information Only. An X509 client session is being established using this DN.
Action
None.

client_session_ok

Message Text
  • Successfully created client session: name %1
Parameters
  1. dn
Description
Information Only. An X509 client session has been successfully established using this DN.
Action
None.

read_cert

Message Text
  • Successfully read cert from %1
Parameters
  1. cert
Description
Information Only. A certificate for the ID has been found in the file name reported.
Action
None.

id_rej

Message Text
  • Digital ID %1
Parameters
  1. cert
Description
Information Only. A trusted certificate for the ID has been found in the file name reported but cannot be used.
Action
None.

id_ok

Message Text
  • Found Digital ID %1 which can be used for this client session
Parameters
  1. cert
Description
Information Only. A trusted certificate for the ID has been found in the file name reported.
Action
None.

build_time

Message Text
  • build_time failed
Description
An internal error occurred.
Action
See other log entries for details.

pe_error

Message Text
  • NULLPE when converting BIT STRING to primitive
Description
An internal error occurred.
Action
See other log entries for details.

bit_string_error

Message Text
  • Error encoding BIT STRING: %1
Parameters
  1. pe_error
Description
An internal error occurred.
Action
See other log entries for details.

enc_atb

Message Text
  • Error encoding token body
Description
An internal error occurred.
Action
See other log entries for details.

enc_error

Message Text
  • Error encoding %1
Parameters
  1. pe_error
Description
An internal error occurred while encoding a PE.
Action
See other log entries for details.

cpath_error

Message Text
  • Failed to construct certificate path for strong credentials
Description
An error occurred while constructing the certificate path to put into the strong credentials.
Action
See other log entries for details.

do_strong

Message Text
  • Constructing strong credentials
Description
Information only.
Action
None.

done_strong

Message Text
  • Constructed strong credentials successfully
Description
Information only.
Action
None.

do_check_strong

Message Text
  • Checking strong credentials
Description
Information only.
Action
None.

done_check_strong

Message Text
  • Checked strong credentials successfully
Description
Information only.
Action
None.

unexpected_oid

Message Text
  • invalid MTA_Token type: '%1'; expecting AsymmetricToken (2.6.3.6.0)
Parameters
  1. token_oid
Description
An invalid OID was in the token.
Action
Check the configuration of the remote end. Ensure it is connecting to the expected protocol server.

pe_decode_error

Message Text
  • error while decoding %1
Parameters
  1. str
Description
The PE could not be decoded.
Action
See other log entries for details.

no_aet_error

Message Text
  • unknown internal ppname %1. Strong authentication not accepted. Possible cause is absent AETitle
Parameters
  1. their_aet
Description
They did not provide an AET therefore we cannot accept their strong bind.
Action
Check the configuration of the remote end. Ensure it is connecting to the expected protocol server.

their_aet

Message Text
  • Checking StrongCredentials initiator name is %1
Parameters
  1. pe_error
Description
Informative: their AET.
Action
None.

init_subject

Message Text
  • Found subject %1 in StrongCredentials
Parameters
  1. subject
Description
The StrongCredentials contained a Certificate and the Subject DN is reported.
Action
None.

no_pub_key

Message Text
  • No public key found in certificate
Description
The Certificate supplied does not contain a public key and cannot therefore be used for a strong bind.
Action
Configure the remote end to use a suitable Certificate.

dn_match_error

Message Text
  • The DN in the StrongCredentials %1 does not match the DN in the Certificate %2
Parameters
  1. their_dn
  2. cert_dn
Description
The DN in the StrongCredentials does not match the DN in the Certificate.
Action
Configure the remote end to use the Certificate to create correct Strong Credentials.

dn_match_op

Message Text
  • The DN in the Strong Credentials %1 matches the DN in the Certificate OK %2
Parameters
  1. their_dn
  2. cert_dn
Description
The DN in the StrongCredentials matches the DN in the Certificate.
Action
None.

gdi

Message Text
  • GDI in token is %1
Parameters
  1. gdi
Description
A Global Domain Identifier was found in the Strong Credentials.
Action
This value is ignored in this release.

no_mta_name

Message Text
  • No MTA name was found in the token.
Description
No MTA name was found in the token.
Action
This value is mandatory. Check the configuration of the remote MTA.

token_mta_name

Message Text
  • Found our MTA name in token %1
Parameters
  1. mta_name
Description
Our MTA name. This value is checked against the value of the mta name.
Action
None.

mta_name_mismatch

Message Text
  • MTA name found in token (%1) is not our MTA name (%2)
Parameters
  1. token_mta_name
  2. our_mta_name
Description
Our MTA name was found in the Strong Credentials. This value is checked against the local value. The two must match but did not match.
Action
Check configuration of both ends.

mta_name_match_ok

Message Text
  • Found our MTA name in local configuration %1
Parameters
  1. mta_name
Description
Our MTA name in token. This value was successfully checked against the value in the Strong Credentials.
Action
None.

our_mta_name

Message Text
  • Found our MTA name in local configuration %1
Parameters
  1. mta_name
Description
Our MTA name. This value is checked against the value in the Strong Credentials.
Action
None.

dn_match_ok

Message Text
  • Remote DN (%1) and the Certificate DN (%2) are the same
Parameters
  1. our_dn
  2. cert_subject_dn
Description
The DN in the strong bind and the DN of the MTA must match. This message logs the fact that they do.
Action
None.

inv_token

Message Text
  • The OID in the token is invalid %1
Parameters
  1. tok_oid
Description
The OID in the token of a strong P1 bind must be 2.6.3.6.0.
Action
Check configuration and presentation addresses

no_token

Message Text
  • There is no OID in the token
Description
The OID in the token of a strong P1 bind must be set to 2.6.3.6.0.
Action
Check configuration and presentation addresses

oid_err

Message Text
  • Unable to convert OID
Description
An internal error occurred performing str2oid().
Action
Check other log messages.

no

Message Text
  • There is no OID in the token
Description
The OID in the token of a strong P1 bind must be set to 2.6.3.6.0.
Action
Check configuration and presentation addresses

crls_on

Message Text
  • Enabling CRL checking
Description
Information Only. CRL checking is enabled in the CML library.
Action

crls_off

Message Text
  • Disabling CRL checking
Description
Information Only. CRL checking is enabled in the CML library.
Action

using_ldap

Message Text
  • SRL: using LDAP, host %1, port %2
Parameters
  1. host
  2. port
Description
Using LDAP for certificate and CRL retrieval, with the logged host and port.
Action

not_using_ldap

Message Text
  • Disabling LDAP certificate/LDAP lookup
Description
LDAP certificate/CRL retrieval has been disabled.
Action

config_parse_fail

Message Text
  • X509 config line "%1" was not recognised
Parameters
  1. line
Description
There was some error in reading the X.509 config file. This file can contain blank lines, comments (lines beginning with #), and lines beginning "ldap_host ", "ldap_port ", "check_crl ". ldap_host has to be followed by a host name (or IP address), ldap_port by a number, and check_crl by "yes" or "no". (That description uses double quotes to indicate literal text; no double quotes should appear in the file.)
Action

srl_init_failed

Message Text
  • Initializing SRL with host %1 and port %2 failed
Parameters
  1. ldap_host
  2. ldap_port
Description
Initializing SRL with the LDAP port and host given in the configuration file failed. So LDAP is disabled. (The application may reenable it.)
Action

crl_on

Message Text
  • CML is configured to verify certificates against CRLs
Description
Certificates (received in strong authentication or signed operations) will be checked against current CRLs.
Action

crl_off

Message Text
  • CML is configured not to verify certificates against CRLs
Description
Certificates (received in strong authentication or signed operations) will not be checked against current CRLs. So certificates that have been revoked may be regarded as still valid.
Action

timestamp_from_token

Message Text
  • The timestamp in the bind token is %1
Parameters
  1. token_timestamp
Description
Reports the timestamp from the strong bind. This value is checked against the current time, and if too old will cause the bind to be rejected.
Action
None.

token_too_old

Message Text
  • The timestamp in the token (%1) is too old, ie older than %2 (time now is %3).
Parameters
  1. token_timestamp
  2. time_when_token_valid
  3. time_now
Description
The strong bind is rejected as the token timestamp is older than the limit set.
Action
Ensure that the clocks on the two systems are set correctly. They need to be synchronised within 5 minutes of each other

token_age_old_ok

Message Text
  • The timestamp in the token (%1) is more recent than %2.
Parameters
  1. token_timestamp
  2. time_when_token_valid
Description
The token timestamp is more recent than the limit set.
Action
None.

no_aet

Message Text
  • No DN for their MTA.
Description
Cannot determine the name of the remote MTA.
Action
Contact Isode support.

srl_init_total_failure

Message Text
  • Initializing SRL with no host/port failed
Description
Initializing SRL with no LDAP port and host failed.
Action
Check other events for details.

cml_init_failure

Message Text
  • Initializing CML failed (error %1)
Parameters
  1. check_crls
Description
Initializing CML failed.
Action
Check other events for details.

read_pphr

Message Text
  • Read passphrase from file %1
Parameters
  1. passphrase
Description
The passphrase for the private key has been read from the passphrase file. The passphrase filename has the form p12filename.pphr.
Action
None.

MTA_AsymmetricTokenBody_W

Message Text
  • %1
Parameters
  1. File containing PDU
Description
P1 Bind with Strong Auth
Action
No Operator Action

SRL_LDAP

Message Text
  • SRL_CreateSession returned the LDAP error %1
Parameters
  1. error
Description
SRL attempted an LDAP bind on initialisation, and it returned this error code.
Action

token_too_new

Message Text
  • The timestamp in the token (%1) is too far in the future, ie newer than %2 (time now is %3).
Parameters
  1. token_timestamp
  2. time_when_token_valid
  3. time_now
Description
The strong bind is rejected as the token timestamp is too far in the future.
Action
Ensure that the clocks on the two systems are set correctly. They need to be synchronised within 5 minutes of each other

token_age_new_ok

Message Text
  • The timestamp in the token (%1) is less recent than %2.
Parameters
  1. token_timestamp
  2. time_when_token_valid
Description
The token timestamp is less recent than the limit set.
Action
None.

require_signed_ops

Message Text
  • Connection by %1 requires signed operations, modify %2, other %3
Parameters
  1. auth
  2. modify
  3. nonmodify
Description
The named connection is configured (probably using authcon) with the given settings for signed operations. Signed operations may be required for modification operations, and for non-modifying operations.
Action
None.

use_signed_ops_before_init

Message Text
  • %1 called with operation or context as NULL
Parameters
  1. function
Description
%1 called with operation or context as NULL
Action
None.

shouldnt_sign_verify

Message Text
  • %1 called however the x509_context specifies no signing or verification should take place
Parameters
  1. function
Description
%1 called however the x509_context specifies no signing or verification should take place
Action
None.

bad_encode

Message Text
  • %1: couldn't encode the operation to sign it
Parameters
  1. function
Description
%1: couldn't encode the operation to sign it
Action
None.

unknown_op

Message Text
  • %1 was asked to sign an unknown operation
Parameters
  1. function
Description
%1 was asked to sign an unknown operation
Action
None.

missing_sig

Message Text
  • %1 was called with the operation missing a signature
Parameters
  1. function
Description
%1 was called with the operation missing a signature
Action
None.

bad_decode_sig

Message Text
  • %1 could not decode the signature
Parameters
  1. function
Description
%1 could not decode the signature.
Action
None.

dsp_missing_sig

Message Text
  • %1 was called with the DSP operation missing a mandatory signature
Parameters
  1. function
Description
%1 was called with the DSP operation missing a mandatory signature.
Action
None.

missing_security

Message Text
  • %1 was called without any SecurityParameters
Parameters
  1. function
Description
%1 was called without any SecurityParameters
Action
None.

missing_security_path

Message Text
  • %1 : The SecurityParameters provided don't contain a certificate path
Parameters
  1. function
Description
%1 : The SecurityParameters provided don't contain a certificate path
Action
None.

missing_nonce_type

Message Text
  • %1 : The nonce type within the x509context is not set.
Parameters
  1. function
Description
%1 : The nonce type within the x509context is not set.
Action
None.

sign_good

Message Text
  • %1 : Generated signature for this operation ok
Parameters
  1. function
Description
%1 : Generated signature for this operation ok
Action
None.

sign_op

Message Text
  • The %1 %2 %3 will be signed
Parameters
  1. Protocol
  2. op_type
  3. arg_res
Description
Indicates if an operation is to be signed.
Action
None

trace_func

Message Text
  • Called %1
Parameters
  1. function
Description
This log message shows which x509 functions have been called
Action
None

verify_op

Message Text
  • The %1 %2 %3 is being verified
Parameters
  1. Protocol
  2. op_type
  3. arg_res
Description
Indicates if an operation is being verified.
Action
None

sign_op_unsupported

Message Text
  • Signed ops for %1 %2 %3 operations are unsupported
Parameters
  1. Protocol
  2. op_type
  3. arg_res
Description
Indicates if signing an operation is unsupported.
Action
None

set_sign_op_called

Message Text
  • x509_setsignop called. Setting %2 to %1
Parameters
  1. sign_op_flag
  2. op_type
Description
This log message shows that set_sign_op is called, and logs its arguments
Action
None

SRL_DB_error

Message Text
  • SRL returned an error for directory %1
Parameters
  1. dir
Description
The error probably indicates that the directory isn't writable, or that the files "srl_cert_cache.db" and/or "srl_crl_cache.db" are of some unrecognised format.
Action
Check (and change) directory permissions

no_id

Message Text
  • No Digital IDs (out of %1 loaded) have been found which can be used for this client session
Parameters
  1. cert
Description
No Digital IDs found in the security environment can be used for this client session.
Action
Check that you have configured either a password for the application, or that a pass-phrase file has been created in the same directory as the P12 file, with the same name as the P12 file, with a .pphr suffix. Alternatively, you can set the private key in the P12 file so that it is not protected by a pass-phrase. For security reasons, this is not recommended.

try_pphr

Message Text
  • Attempting to read passphrase from file %1
Parameters
  1. passphrase
Description
Attempting to open the passphrase for this Digital ID. The passphrase filename has the form p12filename.pphr.
Action
None.

no_pphr

Message Text
  • Cannot open passphrase file %1
Parameters
  1. passphrase
Description
The attempt to open the passphrase for this Digital ID has failed.
Action
None.

read_config

Message Text
  • Opening X509 config file %1
Parameters
  1. configfile
Description
Attempting to open the config file %s for the security environment.
Action
None.

no_config

Message Text
  • X509 config file %1 not found
Parameters
  1. configfile
Description
Attempting to open the config file %s for the security environment.
Action
None - this is not an error.

read_config_ok

Message Text
  • X509 config file %1 has been successfully read
Parameters
  1. configfile
Description
Successfully read the config file %s for the security environment.
Action
None.

init_mismatch

Message Text
  • x509_init_security called with %1 and then with %2
Parameters
  1. orig
  2. new
Description
x509_init_security is passed a directory. It can be called more than once, but only with the same directory each time (subsequent calls have no effect).
Action
Application error.

no_secenv

Message Text
  • x509_init_security called with no security environment
Description
x509_init_security must be passed a directory.
Action
Internal error.

no_gdi

Message Text
  • No GDI supplied - no checks against value in token
Description
This release is not checking whether the GDI in the token matches the locally configured value for our GDI.
Action
None.

no_gdi_in_token

Message Text
  • No GDI supplied in token
Description
No GDI was supplied in the token to check against the locally configured value for our GDI.
Action
None.

gdi_in_token

Message Text
  • GDI supplied in token
Description
A GDI was supplied in the token to check against the locally configured value for our GDI, however the check was not carried out.
Action
This may indicate interworking problems with the remote MTA.

no_mta_name_check

Message Text
  • No check against the MTAName in the token has been made.
Description
No MTAName was provided to check against the value in the token.
Action
This may indicate interworking problems with the remote MTA. This is an internal error which should be reported to Isode support.

no_aet_check

Message Text
  • No check against the DN of the subject of the Certificate against the AET in the bind has been made.
Description
No AET was provided to check against the value in the token.
Action
The MTA has been configured not to check DN of the subject of the Certificate against the AET in the bind. This is configured in the X.400 channel using EMMA.

verify_failure

Message Text
  • Verifying a certificate failed, reason %1
Parameters
  1. reason
Description
The CML function to verify a certificate returned an error code. This may indicate an error in the PKI (a certificate or CRL not present, or expired), configuration (if something could not be retrieved), or some system failure (if it is a memory error). More information is likely to be available at higher logging levels (detail).
Action
Depends on the specific error.

verify_detail

Message Text
  • Verify fail detail for %1 reason %2 [%3]
Parameters
  1. dn
  2. detail
  3. xinfo
Description
Gives extended information about failure of certificate verification.
Action
Depends on the specific error.

oid_mismatch

Message Text
  • Inner algorithm %1 does not match algorithm %2 in wrapper
Parameters
  1. inner
  2. outer
Description
Some kinds of signed ASN.1 have the signature algorithm both inside the signed part, and outside. These two must match, and in this case they do not, so verification fails.
Action
Identify origin of the mismatched OIDs and report error

certpath_encode_fail

Message Text
  • CertificationPath failed to encode
Description
CertificationPath did not encode.
Action
None

unknown_key_type

Message Text
  • Attempt to sign something with an unknown key type
Description
Some internal error occurred.
Action
Contact Isode support

trusted_cert

Message Text
  • Adding certificate with subject %1 as trust anchor
Parameters
  1. subject
Description
Adding the certificate as a trust anchor.
Action
None

untrusted_cert

Message Text
  • Adding certificate issued by %1 to %2 to database
Parameters
  1. issuer
  2. subject
Description
Adding the certificate to the database, for use in verifying certificates.
Action
None

no_PKCS11_lib

Message Text
  • Attempt to use PKCS#11 library when none is available
Description
This may be because no library was specified in x509/config, or that the library failed to load.
Action
Contact Isode support

init_dir_ignored

Message Text
  • Directory %1 not readable, ignored
Parameters
  1. directory
Description
x509_init_security() was passed a directory that does not exist or is not readable, so it will not be used.
Action
See earlier log message for possible reasons

constr_msg_tok_sig_ok

Message Text
  • Generated Message Token successfully`
Description
The X.509 sub-system was able to generate the Message Token.
Action
None

constr_msg_tok_enc_err

Message Text
  • Failed to encode %1
Parameters
  1. structure
Description
The X.509 subsystem was unable to encode the PEPSY structure.
Action
None

add_cert_path

Message Text
  • Adding cert path for return
Description
The Certificate Path has been returned to the calling function.
Action
None

not_add_cert_path

Message Text
  • Not adding cert path for return
Description
The Certificate Path has not been returned to the calling function.
Action
None

constr_msg_tok_ok

Message Text
  • Generated the MessageToken successfully for this recipient (%1)
Parameters
  1. recipient
Description
The X.509 subsystem has successfully generated a MessageToken for this recipient of the message
Action
None

msg_tok_mem_alloc_err

Message Text
  • Memory allocation error while allocating %1
Parameters
  1. structure
Description
A memory allocation failure has occurred. The system has probably run out of resources.
Action
Check the system for processes which are hogging resources

wrong_oid

Message Text
  • Unexpected OID in Message Token (%1) when expecting %2
Parameters
  1. their_tok_oid
  2. expected_tok_oid
Description
The MessageToken must contain the correct OID and does not.
Action
Check the configuration of the remote UA which submitted the message

gen_cic_fail

Message Text
  • Can't generate content integrity check
Description
The content integrity check cannot be generated.
Action
See previous log messages.

gen_tok_tbs_fail

Message Text
  • Failed to generate Token to be signed
Description
The X.509 subsystem failed to generate the Token to be signed.
Action
See previous log messages.

gen_tok_sig_ok

Message Text
  • Successfully constructed the Token signature
Description
The X.509 subsystem successfully generated the Token signature.
Action
None.

our_cert_serial_num

Message Text
  • Our certificate serial number is %1
Parameters
  1. our_cert_serial_num
Description
Reports the value of the serial number in our certificate.
Action
None - information only.

del_env_recip

Message Text
  • Delivery envelope recipient is %1
Parameters
  1. env_recip
Description
Reports the value of the recipient in the delivery envelope.
Action
None - information only.

tok_oid_ok

Message Text
  • OID in Message Token is %1
Parameters
  1. their_tok_oid
Description
Reports the value of the oid in the MessageToken
Action
None - information only.

token_recip

Message Text
  • Message Token recipient is %1
Parameters
  1. tok_recip
Description
Reports the value of the recipient in the Message Token
Action
This should either be the same as the value in the delivery envelope, or the same as the first element of the redirection history.

token_recip_invalid

Message Text
  • Message Token recipient is %1
Parameters
  1. name_offset
Description
Reports the type of name in the Message Token. This must be a recipient name.
Action
This should be a recipient name, but is not. You should check the encoding sent by the remote UA.

fail_to_get_orig_cert

Message Text
  • Failed to retrieve the originator certificate from the multiple originator certificates extension
Description
The originator certificate which we use to check the signature cannot be found in the multiple originator certificates extension.
Action
Check the encoding sent by the remote UA.

their_cert_serial_num

Message Text
  • Their certificate serial number is %1
Parameters
  1. their_cert_serial_num
Description
Reports the value of the serial number in their certificate.
Action
None - information only.

cic_sig_invalid

Message Text
  • The message content integrity check failed
Description
The Message Token contains a content integrity check which ensures the message has been carried unchanged. This signature in the content integrity check has not been validated which means the signed content cannot be relied on.
Action
No reliance on the message content can be made.

cic_tbs_gen_failed

Message Text
  • Couldn't generate the content integrity to be signed
Description
An error occurred while generating the to be signed structure for the content integrity check.
Action
Look for messages earlier in the log file.

no_cert_sel

Message Text
  • Couldn't find a certificate selector
Description
The certificate selector which identifies the certificate to be used to check the Message Token signature is not present.
Action
Check the encoding sent by the remote UA.

invalid_cert_sel

Message Text
  • Couldn't find valid certificate selector
Description
The certificate selector which identifies the certificate to be used to check the Message Token signature is invalid.
Action
Check the encoding sent by the remote UA.

report_serial_nums

Message Text
  • The serial numbers in the originator certicate and multi-orig-certs are '%1' and '%2'
Parameters
  1. their_cert_serial_num
  2. mult_cert_serial_num
Description
The serial numbers of the originator certificate and multi-orig-certs are reported. If these and the issuer CA DNs match, this is the certificate to use to check the MessageToken signature.
Action
None - information only.

serial_nums_match

Message Text
  • The serial numbers in the originator certicate and multi-orig-certs match '%1' and '%2'
Parameters
  1. their_cert_serial_num
  2. mult_cert_serial_num
Description
The serial numbers of the originator certificate and multi-orig-certs are reported. These serial numbers have been found to match, so if the issuer CA DNs match, this is the certificate to use to check the MessageToken signature.
Action
None - information only.

serial_nums_and_dns_match

Message Text
  • The serial numbers in the originator certicate and multi-orig-certs match '%1' and '%2'
Parameters
  1. cert_serial_num
  2. issuer_dn
Description
The serial numbers of the originator certificate and multi-orig-certs are reported. These serial numbers and issuer CA DNs match, so this is the certificate to use to check the MessageToken signature.
Action
None - information only.

no_serial_num_and_dn_match

Message Text
  • The serial number and issuer DN in the certicate selector '%1' and '%2' do not match in in the multi-orig-certs
Parameters
  1. cert_serial_num
  2. issuer_dn
Description
The serial number and issuer DN in the certificate selector extension cannot be found in the multi-orig-certs extension. This means there is no certificate which can be used to verify the MessageToken signature.
Action
Check the encoding and configuration on the remote UA which sent the message.

mt_sig_verify_ok

Message Text
  • Verified the signature in the message token successfully
Description
Verified the signature of the message token itself
Action
Information only

mt_cic_verify_ok

Message Text
  • Verified the signature of the content integrity check in the message token successfully
Description
Verified the signature of the content integrity check in the message token
Action
Information only

mt_verify_ok

Message Text
  • Verified the message token successfully
Description
Verified all of the Message Token successfully
Action
Information only

certificate_subject

Message Text
  • Subject of certificate is %1
Parameters
  1. detail
Description
The Subject of the Certificate
Action
Information only

constr_msg_tok_fail

Message Text
  • failed to generate signature
Description
The X.509 sub-system was unable to generate the Message Token.
Action
See earlier log message for possible reasons

done_strong_check

Message Text
  • Checked strong credentials successfully
Description
Information only.
Action
None.

got_san_mta_gdi

Message Text
  • Found MTA and GDI in Certificate subject Alt Name %1 %2
Parameters
  1. mtaname
  2. sangdi
Description
Information only.
Action
None.

san_gdi_matches

Message Text
  • GDI in Certificate subject Alt Name matches their AE %1
Parameters
  1. sangdi
Description
Information only.
Action
None.

san_gdi_mismatch

Message Text
  • GDI in Certificate subject Alt Name and AE do not match %1 %2
Parameters
  1. theirgdi
  2. sangdi
Description
The subjectAltName in the Certificate in the bind contains a GDI which does not match the GDI configured in the AE for their MTA.
Action
None.

san_mta_matches

Message Text
  • MTA in Certificate subject Alt Name matches their AE %1
Parameters
  1. sanmta
Description
Information only.
Action
None.

san_mta_mismatch

Message Text
  • MTA in Certificate subject Alt Name and AE do not match %1 %2
Parameters
  1. theirmta
  2. sanmta
Description
The subjectAltName in the Certificate in the bind contains an MTAName which does not match the GDI configured in the AE for their MTA.
Action
None.

token_gdi_matches

Message Text
  • GDI in Message Token matches their AE %1
Parameters
  1. gdi
Description
Information only.
Action
None.

token_gdi_mismatch

Message Text
  • GDI in Message Token and AE do not match %1 %2
Parameters
  1. ourgdi
  2. tokengdi
Description
The Message Token in the bind contains a GDI which does not match the GDI configured in the AE for our MTA.
Action
None.

name_rejected

Message Text
  • Name component %1 has problem %2
Parameters
  1. position
  2. description
Description
A name (usually from a certificate) has a problem. The component is a number (counting from 0) indicating which part of the name has the problem, and the description indicates the problem, usually that the UTF8 conversion of the name component contains a NUL (but may also be some internal error in performing the check).
Action

no_cert_ctx

Message Text
  • X509 function %1 called, but the session has no certificate context
Parameters
  1. function
Description
Some functions require a certificate context (a way to verify certificates). One was called without such a context (with the context NULL or with a session with a NULL context).
Action

unknown_algorithm

Message Text
  • Unknown algorithm OID %1 encountered
Parameters
  1. oid
Description
A signed bind or operation was received but with an unknown algorithm (the OID is given).
Action
Reconfigure the sender to use some algorithm that's supported, and report the issue to Isode support.

openssl_init_fail

Message Text
  • Failed in OpenSSL initialisation: %1, %2
Parameters
Description
The OpenSSL initialisation has failed in some way.
Action

override_security_level

Message Text
  • Overriding security level from %1 to %2
Parameters
  1. source
  2. value
Description
Action

All rights reserved © 2002 - 2024 Isode Ltd.