3dbrew

SSL Services: Difference between revisions

← Older edit
Added new error code indicating EWOULDBLOCK when calling sslcStartConnection()
 
(7 intermediate revisions by 3 users not shown)
Line 46: Line 46:
| [[1.0.0-0]]
| [[1.0.0-0]]
|  
|  
| This writes an output u32 to cmdreply[2](created context handle).
| CreateCrlStore. This writes an output u32 to cmdreply[2](created context handle).
|-
|-
| 0x00090040
| 0x00090040
| [[1.0.0-0]]
| [[1.0.0-0]]
|  
|  
| (u32 handle for a context) This is used for destroying a context created by command 0x00080000.
| DestroyCrlStore(u32 contexthandle)
|-
|-
| 0x000A0082
| 0x000A0082
| [[1.0.0-0]]
| [[1.0.0-0]]
| Main-only
| Main-only
| (u32 contexthandle, u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr) Writes the output cert-context-handle to cmdreply[2]. This uses a context created by command 0x00080000. This adds the specified cert to this context.
| AddCrlToCrlStore(u32 contexthandle, u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr)
|-
|-
| 0x000B0080
| 0x000B0080
| [[1.0.0-0]]
| [[1.0.0-0]]
| Main-only
| Main-only
| (u32 contexthandle, u8 inval2) Writes an output cert-context-handle to cmdreply[2]. This uses a context created by command 0x00080000. This just returns error 0xD8A0B83D eventually.
| AddInternalCrlToCrlStore(u32 contexthandle, u8 inval2)
|-
|-
| 0x000C0080
| 0x000C0080
| [[1.0.0-0]]
| [[1.0.0-0]]
| Main-only
| Main-only
| (u32 contexthandle, u32 certcontexthandle) This uses a context created by command 0x00080000. This removes the specified cert from the context.
| RemoveCrlFromCrlStore(u32 contexthandle, u32 certcontexthandle) This removes the specified cert from the context.
|-
|-
| 0x000D0084
| 0x000D0084
Line 136: Line 136:
| [[1.0.0-0]]
| [[1.0.0-0]]
| Context-only
| Context-only
| (u32 [[SSLC:CreateContext|contexthandle]], u32 handle) This writes a context handle created by command 0x00080000 into the session context.
| SetCrlStore(u32 [[SSLC:CreateContext|contexthandle]], u32 handle) This writes a context handle created by command 0x00080000 into the session context.
|-
|-
| 0x001B0080
| 0x001B0080
Line 151: Line 151:
| [[1.0.0-0]]
| [[1.0.0-0]]
| Context-only
| Context-only
| (u32 [[SSLC:CreateContext|contexthandle]]) Writes an output u32 from the context state to cmdreply[2].
| GetCertVerificationErrors(u32 [[SSLC:CreateContext|contexthandle]]) Writes an output u32 from the context state to cmdreply[2].
|-
|-
| 0x001E0040
| 0x001E0040
Line 166: Line 166:
| [[1.0.0-0]]
| [[1.0.0-0]]
| Context-only
| Context-only
| ([[SSLC:CreateContext|contexthandle]], u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr) This loads the input cert, it's unknown what format the cert is. The input buffer is handled as a string. It's unknown what the cert is used for once this command is finished.
| AddEVPolicyID([[SSLC:CreateContext|contexthandle]], u32 size, ((Size<<4)  <nowiki>|</nowiki> 10), inbufptr) The input buffer is handled as a string.  
|}
|}


Line 187: Line 187:


It's unknown what this context is actually used for. Trying to use this seems to have no affect on the TLS connection at all, it seems like the cert isn't even parsed.
It's unknown what this context is actually used for. Trying to use this seems to have no affect on the TLS connection at all, it seems like the cert isn't even parsed.
=Cert verification=
The server TLS cert not-before/not-after timestamps are not validated using the system-date which can be set via [[System Settings]](it's possible these timestamps are not validated at all).


=SSLOpt=
=SSLOpt=
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Bit(s)
Flag (BIT)
!  Description
!  Description
|-
|-
| 8
| 0x000 (??)
| ?
| Don't verify certificate at all
|-
| 0x001 (00)
| Verify Common Name (CN)
|-
| 0x002 (01)
| Verify RootCA
|-
|-
| 9
| 0x004 (02)
| Disables server cert verification when set.
| Verify date
|-
|-
| 11
| 0x008 (03)
| Use TLSv1.0.
| Verify cert chain
|-
| 0x010 (04)
| Verify "subject alt name" (required for multi-address certificates)
|-
| 0x020 (05)
| Verify cert EV
|-
| 0x200 (09)
| Makes certification validation always succeed
|-
| 0x800 (11)
| Disable use of TLSv1.1 (hence fallback to TLSv1.0)
|}
|}


Line 211: Line 232:
!  Error code
!  Error code
!  Description
!  Description
|-
| 0xD8A0B801
| Generic error, it means "this is not an SSL connection"
|-
| 0xD840B802
| EWOULDBLOCK while trying to read
|-
| 0xD840B803
| EWOULDBLOCK while trying to write
|-
| 0xD840B807
| EWOULDBLOCK while calling sslcStartConnection()
|-
| 0xD8A0B805
| Syscall error, usually means there's no more data to be read because connection is closed
|-
| 0xD8A0B806
| End-of-stream reached, there is no more data to be read
|-
|-
| 0xD8A0B814
| 0xD8A0B814
Retrieved from "https://www.3dbrew.org/wiki/SSL_Services"