NetError Enumeration |
Namespace: DotNetBrowser.Net
public enum NetError
Member name | Value | Description | |
---|---|---|---|
Undefined | 0 | Undefined | |
Ok | 1 | No error. | |
IoPending | -1 | An asynchronous IO operation is not yet complete. This usually does not indicate a fatal error. Typically this error will be generated as a notification to wait for some external notification that the IO operation finally completed. | |
Failed | -2 | A generic failure occurred. | |
Aborted | -3 | An operation was aborted ( due to user action). | |
InvalidArgument | -4 | An argument to the function is incorrect. | |
InvalidHandle | -5 | The handle or file descriptor is invalid. | |
FileNotFound | -6 | The file or directory cannot be found. | |
TimedOut | -7 | An operation timed out. | |
FileTooBig | -8 | The file is too large. | |
Unexpected | -9 | An unexpected error. This may be caused by a programming mistake or an invalid assumption. | |
AccessDenied | -10 | Permission to access a resource, other than the network, was denied. | |
NotImplemented | -11 | The operation failed because of unimplemented functionality. | |
InsufficientResources | -12 | There were not enough resources to complete the operation. | |
OutOfMemory | -13 | Memory allocation failed. | |
UploadFileChanged | -14 | The file upload failed because the file's modification time was different from the expectation. | |
SocketNotConnected | -15 | The socket is not connected. | |
FileExists | -16 | The file already exists. | |
FilePathTooLong | -17 | The path or file name is too long. | |
FileNoSpace | -18 | Not enough room left on the disk. | |
FileVirusInfected | -19 | The file has a virus. | |
BlockedByClient | -20 | The client chose to block the request. | |
NetworkChanged | -21 | The network changed. | |
BlockedByAdministrator | -22 | The request was blocked by the URL blacklist configured by the domain administrator. | |
SocketIsConnected | -23 | The socket is already connected. | |
UploadStreamRewindNotSupported | -25 | The upload failed because the upload stream needed to be re-read, due to a retry or a redirect, but the upload stream doesn't support that operation. | |
ContextShutDown | -26 | The request failed because the URLRequestContext is shutting down, or has been shut down. | |
BlockedByResponse | -27 | The request failed because the response was delivered along with requirements which are not met ('X-Frame-Options' and 'Content-Security-Policy' ancestor checks and 'Cross-Origin-Resource-Policy', for instance). | |
ConnectionClosed | -100 | A connection was closed (corresponding to a TCP FIN). | |
ConnectionReset | -101 | A connection was reset = corresponding to a TCP RST. | |
ConnectionRefused | -102 | A connection attempt was refused. | |
ConnectionAborted | -103 | A connection timed out as a result of not receiving an ACK for data sent. This can include a FIN packet that did not get ACK'd. | |
ConnectionFailed | -104 | A connection attempt failed. | |
NameNotResolved | -105 | The host name could not be resolved. | |
InternetDisconnected | -106 | The Internet connection has been lost. | |
SslProtocolError | -107 | An SSL protocol error occurred. | |
AddressInvalid | -108 | The IP address or port number is invalid = e.g., cannot connect to the IP address 0 or the port 0. | |
AddressUnreachable | -109 | The IP address is unreachable. This usually means that there is no route to the specified host or network. | |
SslClientAuthCertNeeded | -110 | The server requested a client certificate for SSL client authentication. | |
TunnelConnectionFailed | -111 | A tunnel connection through the proxy could not be established. | |
NoSslVersionsEnabled | -112 | No SSL protocol versions are enabled. | |
SslVersionOrCipherMismatch | -113 | The client and server don't support a common SSL protocol version or cipher suite. | |
SslRenegotiationRequested | -114 | The server requested a renegotiation = rehandshake,. | |
ProxyAuthUnsupported | -115 | The proxy requested authentication = for tunnel establishment, with an unsupported method. | |
BadSslClientAuthCert | -117 | The SSL handshake failed because of a bad or missing client certificate. | |
ConnectionTimedOut | -118 | A connection attempt timed out. | |
HostResolverQueueTooLarge | -119 | There are too many pending DNS resolves, so a request in the queue was aborted. | |
SocksConnectionFailed | -120 | Failed establishing a connection to the SOCKS proxy server for a target host. | |
SocksConnectionHostUnreachable | -121 | The SOCKS proxy server failed establishing connection to the target host because that host is unreachable. | |
NpnNegotiationFailed | -122 | The request to negotiate an alternate protocol failed. | |
SslNoRenegotiation | -123 | The peer sent an SSL no_renegotiation alert message. | |
WinsockUnexpectedWrittenBytes | -124 | Winsock sometimes reports more data written than passed. This is probably due to a broken LSP. | |
SslDecompressionFailureAlert | -125 | An SSL peer sent us a fatal decompression_failure alert. This typically occurs when a peer selects DEFLATE compression in the mistaken belief that it supports it. | |
SslBadRecordMacAlert | -126 | An SSL peer sent us a fatal bad_record_mac alert. This has been observed from servers with buggy DEFLATE support. | |
ProxyAuthRequested | -127 | The proxy requested authentication = for tunnel establishment. | |
ProxyConnectionFailed | -130 | Could not create a connection to the proxy server. An error occurred either in resolving its name, or in connecting a socket to it. Note that this does NOT include failures during the actual "CONNECT" method of an HTTP proxy. | |
MandatoryProxyConfigurationFailed | -131 | A mandatory proxy configuration could not be used. Currently this means that a mandatory PAC script could not be fetched, parsed or executed. | |
PreconnectMaxSocketLimit | -133 | We've hit the max socket limit for the socket pool while preconnecting. We don't bother trying to preconnect more sockets. | |
SslClientAuthPrivateKeyAccessDenied | -134 | The permission to use the SSL client certificate's private key was denied. | |
SslClientAuthCertNoPrivateKey | -135 | The SSL client certificate has no private key. | |
ProxyCertificateInvalid | -136 | The certificate presented by the HTTPS Proxy was invalid. | |
NameResolutionFailed | -137 | An error occurred when trying to do a name resolution = DNS,. | |
NetworkAccessDenied | -138 | Permission to access the network was denied. This is used to distinguish errors that were most likely caused by a firewall from other access denied errors. See also ERR_ACCESS_DENIED. | |
TemporarilyThrottled | -139 | The request throttler module cancelled this request to avoid DDOS. | |
HttpsProxyTunnelResponse | -140 | A request to create an SSL tunnel connection through the HTTPS proxy received a non-200 = OK, and non-407 = Proxy Auth, response. The response body might include a description of why the request failed. | |
SslClientAuthSignatureFailed | -141 | We were unable to sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key. Possible causes for this include the user implicitly or explicitly denying access to the private key, the private key may not be valid for signing, the key may be relying on a cached handle which is no longer valid, or the CSP won't allow arbitrary data to be signed. | |
MsgTooBig | -142 | The message was too large for the transport. = for example a UDP message which exceeds size threshold,. | |
WsProtocolError | -145 | Websocket protocol error. Indicates that we are terminating the connection due to a malformed frame or other protocol violation. | |
AddressInUse | -147 | Returned when attempting to bind an address that is already in use. | |
SslHandshakeNotCompleted | -148 | An operation failed because the SSL handshake has not completed. | |
SslBadPeerPublicKey | -149 | SSL peer's public key is invalid. | |
SslPinnedKeyNotInCertChain | -150 | The certificate didn't match the built-in public key pins for the host name. The pins are set in net/http/transport_security_state.cc and require that one of a set of public keys exist on the path from the leaf to the root. | |
ClientAuthCertTypeUnsupported | -151 | Server request for client certificate did not contain any types we support. | |
SslDecryptErrorAlert | -153 | An SSL peer sent us a fatal decrypt_error alert. This typically occurs when a peer could not correctly verify a signature (in CertificateVerify or ServerKeyExchange) or validate a Finished message. | |
WsThrottleQueueTooLarge | -154 | There are too many pending WebSocketJob instances, so the new job was not pushed to the queue. | |
SslServerCertChanged | -156 | The SSL server certificate changed in a renegotiation. | |
SslUnrecognizedNameAlert | -159 | The SSL server sent us a fatal unrecognized_name alert. | |
SocketSetReceiveBufferSizeError | -160 | Failed to set the socket's receive buffer size as requested. | |
SocketSetSendBufferSizeError | -161 | Failed to set the socket's send buffer size as requested. | |
SocketReceiveBufferSizeUnchangeable | -162 | Failed to set the socket's receive buffer size as requested, despite success return code from setsockopt. | |
SocketSendBufferSizeUnchangeable | -163 | Failed to set the socket's send buffer size as requested, despite success return code from setsockopt. | |
SslClientAuthCertBadFormat | -164 | Failed to import a client certificate from the platform store into the SSL library. | |
IcannNameCollision | -166 | Resolving a hostname to an IP address list included the IPv4 address "127.0.53.53". This is a special IP address which ICANN has recommended to indicate there was a name collision, and alert admins to a potential problem. | |
SslServerCertBadFormat | -167 | The SSL server presented a certificate which could not be decoded. This is not a certificate error code as no X509Certificate object is available. This error is fatal. | |
CtSthParsingFailed | -168 | Certificate Transparency: Received a signed tree head that failed to parse. | |
CtSthIncomplete | -169 | Certificate Transparency: Received a signed tree head whose JSON parsing was OK but was missing some of the fields. | |
UnableToReuseConnectionForProxyAuth | -170 | The attempt to reuse a connection to send proxy auth credentials failed before the AuthController was used to generate credentials. The caller should reuse the controller with a new connection. This error is only used internally by the network stack. | |
CtConsistencyProofParsingFailed | -171 | Certificate Transparency: Failed to parse the received consistency proof. | |
SslObsoleteCipher | -172 | The SSL server required an unsupported cipher suite that has since been removed. This error will temporarily be signaled on a fallback for one or two releases immediately following a cipher suite's removal, after which the fallback will be removed. | |
WsUpgrade | -173 | When a WebSocket handshake is done successfully and the connection has been upgraded, the URLRequest is cancelled with this error code. | |
ReadIfReadyNotImplemented | -174 | Socket ReadIfReady support is not implemented. This error should not be user visible, because the normal Read() method is used as a fallback. | |
NoBufferSpace | -176 | No socket buffer space is available. | |
SslClientAuthNoCommonAlgorithms | -177 | There were no common signature algorithms between our client certificate private key and the server's preferences. | |
EarlyDataRejected | -178 | TLS 1.3 early data was rejected by the server. This will be received before any data is returned from the socket. The request should be retried with early data disabled. | |
WrongVersionOnEarlyData | -179 | TLS 1.3 early data was offered, but the server responded with TLS 1.2 or earlier. This is an internal error code to account for a backwards-compatibility issue with early data and TLS 1.2. It will be received before any data is returned from the socket. The request should be retried with early data disabled. See https://tools.ietf.org/html/rfc8446#appendix-D.3 for details. | |
Tls13DowngradeDetected | -180 | TLS 1.3 was enabled, but a lower version was negotiated and the server returned a value indicating it supported TLS 1.3. This is part of a security check in TLS 1.3, but it may also indicate the user is behind a buggy TLS-terminating proxy which implemented TLS 1.2 incorrectly. (See https://crbug.com/boringssl/226.) | |
SslKeyUsageIncompatible | -181 | The server's certificate has a keyUsage extension incompatible with the negotiated TLS key exchange method. | |
CertCommonNameInvalid | -200 | The server responded with a certificate whose common name did not match the host name. This could mean: 1. An attacker has redirected our traffic to his server and is presenting a certificate for which he knows the private key. 2. The server is misconfigured and responding with the wrong cert. 3. The user is on a wireless network and is being redirected to the network's login page. 4. The OS has used a DNS search suffix and the server doesn't have a certificate for the abbreviated name in the address bar. | |
CertDateInvalid | -201 | The server responded with a certificate that, by our clock, appears to either not yet be valid or to have expired. This could mean: 1. An attacker is presenting an old certificate for which he has managed to obtain the private key. 2. The server is misconfigured and is not presenting a valid cert. 3. Our clock is wrong. | |
CertAuthorityInvalid | -202 | The server responded with a certificate that is signed by an authority we don't trust. The could mean: 1. An attacker has substituted the real certificate for a cert that contains his public key and is signed by his cousin. 2. The server operator has a legitimate certificate from a CA we don't know about, but should trust. 3. The server is presenting a self-signed certificate, providing no defense against active attackers = but foiling passive attackers. | |
CertContainsErrors | -203 | The server responded with a certificate that contains errors. This error is not recoverable. MSDN describes this error as follows: "The SSL certificate contains errors." NOTE: It's unclear how this differs from ERR_CERT_INVALID. For consistency, use that code instead of this one from now on. | |
CertNoRevocationMechanism | -204 | The certificate has no mechanism for determining if it is revoked. In effect, this certificate cannot be revoked. | |
CertUnableToCheckRevocation | -205 | Revocation information for the security certificate for this site is not available. This could mean: 1. An attacker has compromised the private key in the certificate and is blocking our attempt to find out that the cert was revoked. 2. The certificate is unrevoked, but the revocation server is busy or unavailable. | |
CertRevoked | -206 | The server responded with a certificate has been revoked. We have the capability to ignore this error, but it is probably not the thing to do. | |
CertInvalid | -207 | The server responded with a certificate that is invalid. This error is not recoverable. MSDN describes this error as follows: "The SSL certificate is invalid." | |
CertWeakSignatureAlgorithm | -208 | The server responded with a certificate that is signed using a weak signature algorithm. | |
CertNonUniqueName | -210 | The host name specified in the certificate is not unique. | |
CertWeakKey | -211 | The server responded with a certificate that contains a weak key = e.g. a too-small RSA key. | |
CertNameConstraintViolation | -212 | The certificate claimed DNS names that are in violation of name constraints. | |
CertValidityTooLong | -213 | The certificate's validity period is too long. | |
CertTransparencyRequired | -214 | Certificate Transparency was required for this connection, but the server did not provide CT information that complied with the policy. | |
CertEnd | -217 | The value immediately past the last certificate error code. | |
InvalidUrl | -300 | The URL is invalid. | |
DisallowedUrlScheme | -301 | The scheme of the URL is disallowed. | |
UnknownUrlScheme | -302 | The scheme of the URL is unknown. | |
InvalidRedirect | -303 | Attempting to load an URL resulted in a redirect to an invalid URL. | |
TooManyRedirects | -310 | Attempting to load an URL resulted in too many redirects. | |
UnsafeRedirect | -311 | Attempting to load an URL resulted in an unsafe redirect = e.g., a redirect to file:// is considered unsafe. | |
UnsafePort | -312 | Attempting to load an URL with an unsafe port number. These are port numbers that correspond to services, which are not robust to spurious input that may be constructed as a result of an allowed web construct = e.g., HTTP looks a lot like SMTP, so form submission to port 25 is denied,. | |
InvalidResponse | -320 | The server's response was invalid. | |
InvalidChunkedEncoding | -321 | Error in chunked transfer encoding. | |
MethodNotSupported | -322 | The server did not support the request method. | |
UnexpectedProxyAuth | -323 | The response was 407 = Proxy Authentication Required,, yet we did not send the request to a proxy. | |
EmptyResponse | -324 | The server closed the connection without sending any data. | |
ResponseHeadersTooBig | -325 | The headers section of the response is too large. | |
PacScriptFailed | -327 | The evaluation of the PAC script failed. | |
RequestRangeNotSatisfiable | -328 | The response was 416 = Requested range not satisfiable, and the server cannot satisfy the range requested. | |
MalformedIdentity | -329 | The identity used for authentication is invalid. | |
ContentDecodingFailed | -330 | Content decoding of the response body failed. | |
NetworkIoSuspended | -331 | An operation could not be completed because all network IO is suspended. | |
SynReplyNotReceived | -332 | FLIP data received without receiving a SYN_REPLY on the stream. | |
EncodingConversionFailed | -333 | Converting the response to target encoding failed. | |
UnrecognizedFtpDirectoryListingFormat | -334 | The server sent an FTP directory listing in a format we do not understand. | |
NoSupportedProxies | -336 | There are no supported proxies in the provided list. | |
SpdyProtocolError | -337 | There is a SPDY protocol error. | |
InvalidAuthCredentials | -338 | Credentials could not be established during HTTP Authentication. | |
UnsupportedAuthScheme | -339 | An HTTP Authentication scheme was tried which is not supported on this machine. | |
EncodingDetectionFailed | -340 | Detecting the encoding of the response failed. | |
MissingAuthCredentials | -341 | = GSSAPI, No Kerberos credentials were available during HTTP Authentication. | |
UnexpectedSecurityLibraryStatus | -342 | An unexpected, but documented, SSPI or GSSAPI status code was returned. | |
MisconfiguredAuthEnvironment | -343 | The environment was not set up correctly for authentication = for example, no KDC could be found or the principal is unknown. | |
UndocumentedSecurityLibraryStatus | -344 | An undocumented SSPI or GSSAPI status code was returned. | |
ResponseBodyTooBigToDrain | -345 | The HTTP response was too big to drain. | |
ResponseHeadersMultipleContentLength | -346 | The HTTP response contained multiple distinct Content-Length headers. | |
IncompleteSpdyHeaders | -347 | SPDY Headers have been received, but not all of them - status or version headers are missing, so we're expecting additional frames to complete them. | |
PacNotInDhcp | -348 | No PAC URL configuration could be retrieved from DHCP. This can indicate either a failure to retrieve the DHCP configuration, or that there was no PAC URL configured in DHCP. | |
ResponseHeadersMultipleContentDisposition | -349 | The HTTP response contained multiple Content-Disposition headers. | |
ResponseHeadersMultipleLocation | -350 | The HTTP response contained multiple Location headers. | |
SpdyServerRefusedStream | -351 | SPDY server refused the stream. Client should retry. This should never be a user-visible error. | |
SpdyPingFailed | -352 | SPDY server didn't respond to the PING message. | |
ContentLengthMismatch | -354 | The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed. | |
IncompleteChunkedEncoding | -355 | The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed. | |
QuicProtocolError | -356 | There is a QUIC protocol error. | |
HeadersTruncated | -357 | The HTTP headers were truncated by an EOF. | |
QuicHandshakeFailed | -358 | The QUIC crypto handshake failed. This means that the server was unable to read any requests sent, so they may be resent. | |
Http2InadequateTransportSecurity | -360 | Transport security is inadequate for the HTTP/2 version. | |
Http2FlowControlError | -361 | The peer violated HTTP/2 flow control. | |
Http2FrameSizeError | -362 | The peer sent an improperly sized HTTP/2 frame. | |
Http2CompressionError | -363 | Decoding or encoding of compressed HTTP/2 headers failed. | |
ProxyAuthRequestedWithNoConnection | -364 | Proxy Auth Requested without a valid Client Socket Handle. | |
Http11Required | -365 | HTTP_1_1_REQUIRED error code received on HTTP/2 session. | |
ProxyHttp11Required | -366 | HTTP_1_1_REQUIRED error code received on HTTP/2 session to proxy. | |
PacScriptTerminated | -367 | The PAC script terminated fatally and must be reloaded. | |
InvalidHttpResponse | -370 | The server was expected to return an HTTP/1.x response, but did not. Rather than treat it as HTTP/0.9, this error is returned. | |
ContentDecodingInitFailed | -371 | Initializing content decoding failed. | |
Http2RstStreamNoErrorReceived | -372 | Received HTTP/2 RST_STREAM frame with NO_ERROR error code. This error should be handled internally by HTTP/2 code, and should not make it above the SpdyStream layer. | |
TooManyRetries | -375 | An HTTP transaction was retried too many times due for authentication or invalid certificates. This may be due to a bug in the net stack that would otherwise infinite loop, or if the server or proxy continually requests fresh credentials or presents a fresh invalid certificate. | |
Http2StreamClosed | -376 | Received an HTTP/2 frame on a closed stream. | |
HttpResponseCodeFailure | -379 | The server returned a non-2xx HTTP response code. Note that this error is only used by certain APIs that interpret the HTTP response itself. URLRequest for instance just passes most non-2xx response back as success. | |
QuicCertRootNotKnown | -380 | The certificate presented on a QUIC connection does not chain to a known root and the origin connected to is not on a list of domains where unknown roots are allowed. | |
CacheMiss | -400 | The cache does not have the requested entry. | |
CacheReadFailure | -401 | Unable to read from the disk cache. | |
CacheWriteFailure | -402 | Unable to write to the disk cache. | |
CacheOperationNotSupported | -403 | The operation is not supported for this entry. | |
CacheOpenFailure | -404 | The disk cache is unable to open this entry. | |
CacheCreateFailure | -405 | The disk cache is unable to create this entry. | |
CacheRace | -406 | Multiple transactions are racing to create disk cache entries. This is an internal error returned from the HttpCache to the HttpCacheTransaction that tells the transaction to restart the entry-creation logic because the state of the cache has changed. | |
CacheChecksumReadFailure | -407 | The cache was unable to read a checksum record on an entry. This can be returned from attempts to read from the cache. It is an internal error, returned by the SimpleCache backend, but not by any URLRequest methods or members. | |
CacheChecksumMismatch | -408 | The cache found an entry with an invalid checksum. This can be returned from attempts to read from the cache. It is an internal error, returned by the SimpleCache backend, but not by any URLRequest methods or members. | |
CacheLockTimeout | -409 | Internal error code for the HTTP cache. The cache lock timeout has fired. | |
CacheAuthFailureAfterRead | -410 | Received a challenge after the transaction has read some data, and the credentials aren't available. There isn't a way to get them at that point. | |
CacheEntryNotSuitable | -411 | Internal not-quite error code for the HTTP cache. In-memory hints suggest that the cache entry would not have been useable with the transaction's current configuration (e.g. load flags, mode, etc.). | |
CacheDoomFailure | -412 | The disk cache is unable to doom this entry. | |
CacheOpenOrCreateFailure | -413 | The disk cache is unable to open or create this entry. | |
InsecureResponse | -501 | The server's response was insecure = e.g. there was a cert error,. | |
NoPrivateKeyForCert | -502 | The server responded to a <keygen> with a generated client cert that we don't have the matching private key for. | |
AddUserCertFailed | -503 | An error adding to the OS certificate database = e.g. OS X Keychain,. | |
InvalidSignedExchange | -504 | An error occurred while handling a signed exchange. | |
InvalidWebBundle | -505 | An error occurred while handling a Web Bundle source. | |
TrustTokenOperationFailed | -506 | A Trust Tokens protocol operation-executing request failed for one of a number of reasons (precondition failure, internal error, bad response). | |
TrustTokenOperationCacheHit | -507 | When handling a Trust Tokens protocol operation-executing request, the system found that the request's desired Trust Tokens results were already present in a local cache; as a result, the main request was cancelled. | |
Pkcs12ImportBadPassword | -701 | PKCS #12 import failed due to incorrect password. | |
Pkcs12ImportFailed | -702 | PKCS #12 import failed due to other error. | |
ImportCaCertNotCa | -703 | CA import failed - not a CA cert. | |
ImportCertAlreadyExists | -704 | Import failed - certificate already exists in database. Note it's a little weird this is an error but reimporting a PKCS12 is ok = no-op,. That's how Mozilla does it, though. | |
ImportCaCertFailed | -705 | CA import failed due to some other error. | |
ImportServerCertFailed | -706 | Server certificate import failed due to some internal error. | |
Pkcs12ImportInvalidMac | -707 | PKCS #12 import failed due to invalid MAC. | |
Pkcs12ImportInvalidFile | -708 | PKCS #12 import failed due to invalid/corrupt file. | |
Pkcs12ImportUnsupported | -709 | PKCS #12 import failed due to unsupported features. | |
KeyGenerationFailed | -710 | Key generation failed. | |
PrivateKeyExportFailed | -712 | Failure to export private key. | |
SelfSignedCertGenerationFailed | -713 | Self-signed certificate generation failed. | |
CertDatabaseChanged | -714 | The certificate database changed in some way. | |
DnsMalformedResponse | -800 | DNS resolver received a malformed response. | |
DnsServerRequiresTcp | -801 | DNS server requires TCP | |
DnsServerFailed | -802 | DNS server failed. This error is returned for all of the following error conditions: 1 - Format error - The name server was unable to interpret the query. 2 - Server failure - The name server was unable to process this query due to a problem with the name server. 4 - Not Implemented - The name server does not support the requested kind of query. 5 - Refused - The name server refuses to perform the specified operation for policy reasons. | |
DnsTimedOut | -803 | DNS transaction timed out. | |
DnsCacheMiss | -804 | The entry was not found in cache, for cache-only lookups. | |
DnsSearchEmpty | -805 | Suffix search list rules prevent resolution of the given host name. | |
DnsSortError | -806 | Failed to sort addresses according to RFC3484. |