From 4558579ae121975a423d5192687a7693055a3ce9 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 29 Nov 2022 07:23:03 +0000
Subject: [PATCH] Sort a few outliers by increasing error number to match
 x509_vfy.h

---
 lib/libcrypto/x509/x509_txt.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/libcrypto/x509/x509_txt.c b/lib/libcrypto/x509/x509_txt.c
index 3ac1fd427d2..461d1399c2f 100644
--- a/lib/libcrypto/x509/x509_txt.c
+++ b/lib/libcrypto/x509/x509_txt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_txt.c,v 1.25 2022/11/29 07:12:17 tb Exp $ */
+/* $OpenBSD: x509_txt.c,v 1.26 2022/11/29 07:23:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -82,10 +82,10 @@ X509_verify_cert_error_string(long n)
 		return "CRL signature failure";
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 		return "certificate is not yet valid";
-	case X509_V_ERR_CRL_NOT_YET_VALID:
-		return "CRL is not yet valid";
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 		return "certificate has expired";
+	case X509_V_ERR_CRL_NOT_YET_VALID:
+		return "CRL is not yet valid";
 	case X509_V_ERR_CRL_HAS_EXPIRED:
 		return "CRL has expired";
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@@ -112,22 +112,14 @@ X509_verify_cert_error_string(long n)
 		return "certificate revoked";
 	case X509_V_ERR_INVALID_CA:
 		return  "invalid CA certificate";
-	case X509_V_ERR_INVALID_NON_CA:
-		return  "invalid non-CA certificate (has CA markings)";
 	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
 		return  "path length constraint exceeded";
-	case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-		return "proxy path length constraint exceeded";
-	case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-		return "proxy certificates not allowed, please set the appropriate flag";
 	case X509_V_ERR_INVALID_PURPOSE:
 		return  "unsupported certificate purpose";
 	case X509_V_ERR_CERT_UNTRUSTED:
 		return  "certificate not trusted";
 	case X509_V_ERR_CERT_REJECTED:
 		return  "certificate rejected";
-	case X509_V_ERR_APPLICATION_VERIFICATION:
-		return "application verification failure";
 	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
 		return "subject issuer mismatch";
 	case X509_V_ERR_AKID_SKID_MISMATCH:
@@ -142,10 +134,16 @@ X509_verify_cert_error_string(long n)
 		return "unhandled critical extension";
 	case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
 		return "key usage does not include CRL signing";
-	case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-		return "key usage does not include digital signature";
 	case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
 		return "unhandled critical CRL extension";
+	case X509_V_ERR_INVALID_NON_CA:
+		return  "invalid non-CA certificate (has CA markings)";
+	case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+		return "proxy path length constraint exceeded";
+	case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+		return "key usage does not include digital signature";
+	case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+		return "proxy certificates not allowed, please set the appropriate flag";
 	case X509_V_ERR_INVALID_EXTENSION:
 		return "invalid or inconsistent certificate extension";
 	case X509_V_ERR_INVALID_POLICY_EXTENSION:
@@ -172,6 +170,8 @@ X509_verify_cert_error_string(long n)
 		return "unsupported or invalid name syntax";
 	case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
 		return "CRL path validation error";
+	case X509_V_ERR_APPLICATION_VERIFICATION:
+		return "application verification failure";
 	case X509_V_ERR_HOSTNAME_MISMATCH:
 		return "Hostname mismatch";
 	case X509_V_ERR_EMAIL_MISMATCH:
-- 
2.20.1