added OCSP error codes

cyassl/error.h

@@ -92,9 +92,12 @@ enum CyaSSL_ErrorCodes {
     NOT_CA_ERROR           = -257,            /* Not a CA cert error */
     BAD_PATH_ERROR         = -258,            /* Bad path for opendir */
     BAD_CERT_MANAGER_ERROR = -259,            /* Bad Cert Manager */
-    OCSP_CERT_REVOKED      = -260,
+    OCSP_CERT_REVOKED      = -260,            /* OCSP Certificate revoked */
     CRL_CERT_REVOKED       = -261,            /* CRL Certificate revoked */
     CRL_MISSING            = -262,            /* CRL Not loaded */
+    OCSP_NEED_URL          = -263,            /* OCSP need an URL for lookup */
+    OCSP_CERT_UNKNOWN      = -264,            /* OCSP responder doesn't know */
+    OCSP_LOOKUP_FAIL       = -265,            /* OCSP lookup not successful */
     /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */

src/internal.c

@@ -1697,9 +1697,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
         }
 
 #ifdef HAVE_OCSP
-        if (CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert) == CERT_REVOKED) {
-            CYASSL_MSG("\tOCSP Lookup returned revoked");
-            ret = OCSP_CERT_REVOKED;
+        ret = CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);
+        if (ret != 0) {
+            CYASSL_MSG("\tOCSP Lookup not ok");
             fatal = 0;
         }
 #endif
@@ -3530,6 +3530,18 @@ void SetErrorString(int error, char* str)
         XSTRNCPY(str, "CRL missing, not loaded", max);
         break;
 
+    case OCSP_NEED_URL:
+        XSTRNCPY(str, "OCSP need URL", max);
+        break;
+
+    case OCSP_CERT_UNKNOWN:
+        XSTRNCPY(str, "OCSP Cert unknown", max);
+        break;
+
+    case OCSP_LOOKUP_FAIL:
+        XSTRNCPY(str, "OCSP Responder lookup fail", max);
+        break;
+
     default :
         XSTRNCPY(str, "unknown error number", max);
     }