SSL Services: Difference between revisions

← Older edit

@@ Line 46: / Line 46: @@
 | [[1.0.0-0]]
 |
-| This writes an output u32 to cmdreply[2](created context handle).
+| CreateCrlStore. This writes an output u32 to cmdreply[2](created context handle).
 |-
 | 0x00090040
 | [[1.0.0-0]]
 |
-| (u32 handle for a context) This is used for destroying a context created by command 0x00080000.
+| DestroyCrlStore(u32 contexthandle)
 |-
 | 0x000A0082
 | [[1.0.0-0]]
 | Main-only
-| (u32 contexthandle, u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr) Writes the output cert-context-handle to cmdreply[2]. This uses a context created by command 0x00080000. This adds the specified cert to this context.
+| AddCrlToCrlStore(u32 contexthandle, u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr)
 |-
 | 0x000B0080
 | [[1.0.0-0]]
 | Main-only
-| (u32 contexthandle, u8 inval2) Writes an output cert-context-handle to cmdreply[2]. This uses a context created by command 0x00080000. This just returns error 0xD8A0B83D eventually.
+| AddInternalCrlToCrlStore(u32 contexthandle, u8 inval2)
 |-
 | 0x000C0080
 | [[1.0.0-0]]
 | Main-only
-| (u32 contexthandle, u32 certcontexthandle) This uses a context created by command 0x00080000. This removes the specified cert from the context.
+| RemoveCrlFromCrlStore(u32 contexthandle, u32 certcontexthandle) This removes the specified cert from the context.
 |-
 | 0x000D0084
@@ Line 136: / Line 136: @@
 | [[1.0.0-0]]
 | Context-only
-| (u32 [[SSLC:CreateContext|contexthandle]], u32 handle) This writes a context handle created by command 0x00080000 into the session context.
+| SetCrlStore(u32 [[SSLC:CreateContext|contexthandle]], u32 handle) This writes a context handle created by command 0x00080000 into the session context.
 |-
 | 0x001B0080
@@ Line 151: / Line 151: @@
 | [[1.0.0-0]]
 | Context-only
-| (u32 [[SSLC:CreateContext|contexthandle]]) Writes an output u32 from the context state to cmdreply[2].
+| GetCertVerificationErrors(u32 [[SSLC:CreateContext|contexthandle]]) Writes an output u32 from the context state to cmdreply[2].
 |-
 | 0x001E0040
@@ Line 166: / Line 166: @@
 | [[1.0.0-0]]
 | Context-only
-| ([[SSLC:CreateContext|contexthandle]], u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr) This loads the input cert, it's unknown what format the cert is. The input buffer is handled as a string. It's unknown what the cert is used for once this command is finished.
+| AddEVPolicyID([[SSLC:CreateContext|contexthandle]], u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr)  The input buffer is handled as a string.
 |}
@@ Line 194: / Line 194: @@
 {| class="wikitable" border="1"
 |-
-!  Bit(s)
+!  Flag (BIT)
 !  Description
 |-
-| 8
+| 0x000 (??)
-| ?
+| Don't verify certificate at all
 |-
-| 9
+| 0x001 (00)
-| Disables server cert verification when set.
+| Verify Common Name (CN)
 |-
-| 11
+| 0x002 (01)
-| Use TLSv1.0.
+| Verify RootCA
+|-
+| 0x004 (02)
+| Verify date
+|-
+| 0x008 (03)
+| Verify cert chain
+|-
+| 0x010 (04)
+| Verify "subject alt name" (required for multi-address certificates)
+|-
+| 0x020 (05)
+| Verify cert EV
+|-
+| 0x200 (09)
+| Makes certification validation always succeed
+|-
+| 0x800 (11)
+| Disable use of TLSv1.1 (hence fallback to TLSv1.0)
 |}
@@ Line 214: / Line 232: @@
 !  Error code
 !  Description
+|-
+| 0xD8A0B801
+| Generic error, it means "this is not an SSL connection"
+|-
+| 0xD840B802
+| EWOULDBLOCK while trying to read
+|-
+| 0xD840B803
+| EWOULDBLOCK while trying to write
+|-
+| 0xD840B807
+| EWOULDBLOCK while calling sslcStartConnection()
+|-
+| 0xD8A0B805
+| Syscall error, usually means there's no more data to be read because connection is closed
+|-
+| 0xD8A0B806
+| End-of-stream reached, there is no more data to be read
 |-
 | 0xD8A0B814