SSL services: Difference between revisions
No edit summary | No edit summary
| Line 1: | Line 1: | ||
=ssl=  | = ssl =  | ||
This is "nn::ssl::sf::ISslService".  | |||
=Client cert+privk=  | {| class="wikitable" border="1"  | ||
|-  | |||
! Cmd || Name  | |||
|-  | |||
| 0 || CreateContext  | |||
|-  | |||
| 1 || GetContextCount  | |||
|-  | |||
| 2 || GetCertificates  | |||
|-  | |||
| 3 || GetCertificateBufSize  | |||
|-  | |||
| 4 || DebugIoctl  | |||
|-  | |||
| 5 || SetInterfaceVersion  | |||
|}  | |||
== ISslContext ==  | |||
{| class="wikitable" border="1"  | |||
|-  | |||
! Cmd || Name  | |||
|-  | |||
| 0 || SetOption  | |||
|-  | |||
| 1 || GetOption  | |||
|-  | |||
| 2 || CreateConnection  | |||
|-  | |||
| 3 || GetConnectionCount  | |||
|-  | |||
| 4 || ImportServerPki  | |||
|-  | |||
| 5 || ImportClientPki  | |||
|-  | |||
| 6 || RemoveServerPki  | |||
|-  | |||
| 7 || RemoveClientPki  | |||
|-  | |||
| 8 || RegisterInternalPki  | |||
|-  | |||
| 9 || AddPolicyOid  | |||
|-  | |||
| 10 || ImportCrl  | |||
|-  | |||
| 11 || RemoveCrl  | |||
|}  | |||
=== ISslConnection ===  | |||
{| class="wikitable" border="1"  | |||
|-  | |||
! Cmd || Name  | |||
|-  | |||
| 0 || SetSocketDescriptor  | |||
|-  | |||
| 1 || SetHostName  | |||
|-  | |||
| 2 || SetVerifyOption  | |||
|-  | |||
| 3 || SetIoMode  | |||
|-  | |||
| 4 || GetSocketDescriptor  | |||
|-  | |||
| 5 || GetHostName  | |||
|-  | |||
| 6 || GetVerifyOption  | |||
|-  | |||
| 7 || GetIoMode  | |||
|-  | |||
| 8 || DoHandshake  | |||
|-  | |||
| 9 || DoHandshakeGetServerCert  | |||
|-  | |||
| 10 || Read  | |||
|-  | |||
| 11 || Write  | |||
|-  | |||
| 12 || Pending  | |||
|-  | |||
| 13 || Peek  | |||
|-  | |||
| 14 || Poll  | |||
|-  | |||
| 15 || GetVerifyCertError  | |||
|-  | |||
| 16 || GetNeededServerCertBufferSize  | |||
|-  | |||
| 17 || SetSessionCacheMode  | |||
|-  | |||
| 18 || GetSessionCacheMode  | |||
|-  | |||
| 19 || FlushSessionCache  | |||
|-  | |||
| 20 || SetRenegotiationMode  | |||
|-  | |||
| 21 || GetRenegotiationMode  | |||
|-  | |||
| 22 || SetOption  | |||
|-  | |||
| 23 || GetOption  | |||
|-  | |||
| 24 || GetVerifyCertErrors  | |||
|}  | |||
= Client cert+privk =  | |||
SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]].  | SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]].  | ||
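Review bot: The three new command tables (ISslService, ISslContext, ISslConnection) give only Cmd and Name, so the page never says how the interfaces relate or what the certificate-verification commands take. If CreateContext (ISslService cmd 0) and CreateConnection (ISslContext cmd 2) are what return the ISslContext and ISslConnection objects, say so in a sentence above each table. A notes column would also help, at least for SetVerifyOption, ImportServerPki, ImportClientPki and ImportCrl, and to distinguish GetVerifyCertError (cmd 15) from GetVerifyCertErrors (cmd 24) and the context-level SetOption/GetOption (cmds 0/1) from the connection-level ones (cmds 22/23).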
| Line 9: | Line 113: | ||
* 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.  | * 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.  | ||
* 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise.  | * 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise.  | ||
[[Category:Services]]  | |||
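Review bot: In the 0x100+0x30 bullet that this revision leaves unchanged, the link [[SPL_services#SPL#GetDevunitFlag]] has two # fragments and no label, unlike the [[Settings_services#GetSslKey|GetSslKey]] form used in the section's opening sentence. Since the edit touches this section anyway, point the link at a single anchor and give it a label. The bullets also refer to key0, key1 and key2 without any visible definition, so a short note on what each key is would make the size check and the key selection easier to follow.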