Difference between revisions of "SSL Services"
| Line 140: | Line 140: | ||
| 0x001B0080 | | 0x001B0080 | ||
| | | | ||
| − | | | + | | Context-only |
| − | | | + | | [[SSLC:ContextClearOpt|ContextClearOpt]] |
|- | |- | ||
| 0x001C00C4 | | 0x001C00C4 | ||
Revision as of 09:58, 20 February 2016
SSL service "ssl:C"
| Command Header | Available since system-version | Available from service-sessions | Description |
|---|---|---|---|
| 0x00010002 | (<value-0x20 kernel PID header>) Initialize | ||
| 0x000200C2 | CreateContext | ||
| 0x00030000 | CreateRootCertChain | ||
| 0x00040040 | DestroyRootCertChain | ||
| 0x00050082 | Main-only | AddTrustedRootCA | |
| 0x00060080 | Main-only | RootCertChainAddDefaultCert | |
| 0x00070080 | Main-only | (u32 RootCertChain_contexthandle, u32 inval) | |
| 0x00080000 | This writes an output u32 to cmdreply[2](created context handle). | ||
| 0x00090040 | (u32 handle for a context) This is used for destroying a context created by command 0x00080000. | ||
| 0x000A0082 | (u32 contexthandle, u32 size, ((Size<<4) | 10), inbufptr) Writes an output u32 to cmdreply[2]. This uses a context created by command 0x00080000. | ||
| 0x000B0080 | (u32 contexthandle, u8 inval2) Writes an output u32 to cmdreply[2]. This uses a context created by command 0x00080000. | ||
| 0x000C0080 | (u32 contexthandle, u32 inval) This uses a context created by command 0x00080000. | ||
| 0x000D0084 | (u32 size0, u32 size1, ((Size0<<4) | 10), inbufptr0, ((Size1<<4) | 10), inbufptr1) Writes an output u32 to cmdreply[2](created context handle). This is the same type of context created by command 0x000E0040. | ||
| 0x000E0040 | (u8 inval) Writes an output u32 to cmdreply[2](created context handle). | ||
| 0x000F0040 | (u32 handle for a context) This is used for destroying a context created by command 0x000E0040. | ||
| 0x00100000 | ? | ||
| 0x00110042 | GenerateRandomData | ||
| 0x00120042 | InitializeConnectionSession | ||
| 0x00130040 | (u32 contexthandle) Presumably used to start the actual TLS connection(not tested). | ||
| 0x00140040 | (u32 inval) Writes two u32s to cmdreply[2] and cmdreply[3]. | ||
| 0x00150082 | Context-only | Read | |
| 0x00160082 | (u32 inval, u32 size, ((Size<<4) | 12), outbufptr) Writes an output u32 to cmdreply[2]. | ||
| 0x00170082 | Write | ||
| 0x00180080 | ContextSetRootCertChain | ||
| 0x00190080 | Context-only | (u32 contexthandle, u32 handle) This writes the specified handle into the context state, this handle is the type of context from command 0x000E0040. | |
| 0x001A0080 | (u32 contexthandle, u32 inval) | ||
| 0x001B0080 | Context-only | ContextClearOpt | |
| 0x001C00C4 | (u32 inval, u32 size0, u32 size1, ((Size0<<4) | 12), outbufptr0, ((Size1<<4) | 12), outbufptr1) | ||
| 0x001D0040 | (u32 inval) Writes an output u32 to cmdreply[2]. | ||
| 0x001E0040 | DestroyContext | ||
| 0x001F0082 | Context-only | ContextInitSharedmem | |
| 0x00200082 | Context-only | (contexthandle, u32 size, ((Size<<4) | 10), inbufptr) Inbuf seems to be a cert? |
Going by strings in the SSL sysmodule it appears the sysmodule uses RSA BSAFE(like certain other 3DS software), this is also likely where the "ssl:C" name comes from(RSA BSAFE "SSL-C").
Similar to HTTPC, each SSL context is used with a dedicated service session which gets opened after creating that context. Following creating the context + opening the service session, SSLC:InitializeConnectionSession is used from that service session for that context. Afterwards, all commands which require a handle for this context are done with this dedicated service session.
Internally there's a separate object vtable used with the above SSLC commands, for the main session(where SSLC:InitializeConnectionSession wasn't used), and context sessions where SSLC:InitializeConnectionSession was used. Error 0xD960BBF4 will be returned if a command was used with the wrong session type.
Like some other commands, 0x001F0082 and 0x00200082 are not used by HTTP-sysmodule.
Among commands 0x00180080..0x001B0080 none of them are completely mandatory. However, with the default settings at bare minimum a RootCertChain needs selected otherwise an untrusted-RootCA error will trigger eventually.
Error codes
| Error code | Description |
|---|---|
| 0xd8a0b836 | The specified RootCertChain handle was not found in the linked-list. |