error_table eapg
#
-# Protocol errors that can be returned in an error token. This should match
+# Standards-track Protocol errors that can be returned in an error token. This should match
# up with makeErrorToken in accept_sec_context.c.
#
error_code GSSEAP_RESERVED, ""
error_code GSSEAP_MISSING_EAP_REQUEST, "RADIUS response is missing EAP request"
error_code GSSEAP_RADIUS_PROT_FAILURE, "Generic RADIUS failure"
+# Extension errors starting with 128 that can be returned in a
+#protocol token; again should match accept_sec_context.c
+
+error_code GSSEAP_RADIUS_UNROUTABLE, "Proxy had no route to identity provider realm"
+
+error_code GSSEAP_RADIUS_ADMIN_PROHIBIT, "IDP Administratively Prohibits Request"
#
# Context errors
#
error_code GSSEAP_NO_DEFAULT_IDENTITY, "Default credentials identity unavailable"
error_code GSSEAP_NO_DEFAULT_CRED, "Missing default password or other credentials"
error_code GSSEAP_CRED_RESOLVED, "Credential is already fully resolved"
+error_code GSSEAP_BAD_CACERTIFICATE, "CA Certificate blob could not be parsed"
#
# Local identity service errors