@@ Line 68: / Line 68: @@
 == SetDebugOption ==
-Takes an input u32 '''DebugOptionType''' and a type-0x5 input buffer, no output.
+Takes an input u32 [[#DebugOptionType]] and a type-0x5 input buffer, no output.
 The input u32 value must be 0, and the buffer addr/size must not be 0.
@@ Line 77: / Line 77: @@
 == GetDebugOption ==
-Takes an input u32 '''DebugOptionType''' and a type-0x6 output buffer.
+Takes an input u32 [[#DebugOptionType]] and a type-0x6 output buffer.
 Same as [[#SetDebugOption]] except this copies state to the buffer instead.
@@ Line 314: / Line 314: @@
 = SslVersion =
-This is the "nn::ssl::sf::SslVersion" / "nn::ssl::Context::SslVersion" enum.
+This is "nn::ssl::sf::SslVersion" or "nn::ssl::Context::SslVersion".
+{| class="wikitable" border="1"
+|-
+! Value
+! Description
+|-
+| 0x1 || Auto
+|-
+| 0x8 || TlsV10
+|-
+| 0x10 || TlsV11
+|-
+| 0x20 || TlsV12
+|}
+= DebugOptionType =
+This is "nn::ssl::sf::DebugOptionType" or "nn::ssl::DebugOption".
+{| class="wikitable" border="1"
+|-
+! Value
+! Description
+|-
+| 0 || AllowDisableVerifyOption
+|}
 = FlushSessionCacheOptionType =
-This is the "nn::ssl::sf::FlushSessionCacheOptionType" / "nn::ssl::FlushSessionCacheOptionType" enum.
+This is "nn::ssl::sf::FlushSessionCacheOptionType" or "nn::ssl::FlushSessionCacheOptionType".
 {| class="wikitable" border="1"
@@ Line 324: / Line 349: @@
 ! Description
 |-
-| 0 ||
+| 0 || SingleHost
 |-
-| 1 ||
+| 1 || AllHosts
 |}
 = BuiltInCertificateInfo =
+This is "nn::ssl::BuiltInManager::BuiltInCertificateInfo".
 {| class="wikitable" border="1"
 |-
@@ Line 342: / Line 369: @@
 | 0x4
 | 0x4
-| [[#BuiltinDataStatus]]
+| [[#TrustedCertStatus]]
 |-
 | 0x8
 | 0x8
-| Data size
+| CertificateSize
 |-
 | 0x10
 | 0x8
-| Data offset
+| CertificateDataOffset
 |}
-This is the struct returned by [[#GetCertificates]]. Official sw converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" with offset converted to a ptr.
+This is the struct returned by [[#GetCertificates]]. It is internally converted from "nn::ssl::detail::BuiltinDataInfo" by copying "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" into [[#TrustedCertStatus]] and official software then further converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" by transforming "CertificateDataOffset" into an actual pointer.
+= TrustedCertStatus =
+This is "nn::ssl::TrustedCertStatus".
-= BuiltinDataStatus =
 {| class="wikitable" border="1"
 |-
@@ Line 363: / Line 392: @@
 | -1
 | Invalid
+|-
+| 0
+| Removed
 |-
 | 1
-| Valid
+| EnabledTrusted
+|-
+| 2
+| EnabledNotTrusted
+|-
+| 3
+| Revoked
 |}
-This is the "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" enum.
+= CaCertificateId =
+This is "nn::ssl::CaCertificateId".
-= CaCertificateId =
 {| class="wikitable" border="1"
 |-
@@ Line 376: / Line 414: @@
 ! Description
 |-
-| 1 || Nintendo {...}
+| -1 || All
+|-
+| 1 || NintendoCAG3
+|-
+| 2 || NintendoClass2CAG3
+|-
+| 1000 || AmazonRootCA1
+|-
+| 1001 || StarfieldServicesRootCertificateAuthorityG2
+|-
+| 1002 || AddTrustExternalCARoot
+|-
+| 1003 || COMODOCertificationAuthority
+|-
+| 1004 || UTNDATACorpSGC
+|-
+| 1005 || UTNUSERFirstHardware
+|-
+| 1006 || BaltimoreCyberTrustRoot
+|-
+| 1007 || CybertrustGlobalRoot
+|-
+| 1008 || VerizonGlobalRootCA
+|-
+| 1009 || DigiCertAssuredIDRootCA
+|-
+| 1010 || DigiCertAssuredIDRootG2
+|-
+| 1011 || DigiCertGlobalRootCA
+|-
+| 1012 || DigiCertGlobalRootG2
+|-
+| 1013 || DigiCertHighAssuranceEVRootCA
+|-
+| 1014 || EntrustnetCertificationAuthority2048
+|-
+| 1015 || EntrustRootCertificationAuthority
+|-
+| 1016 || EntrustRootCertificationAuthorityG2
+|-
+| 1017 || GeoTrustGlobalCA2
+|-
+| 1018 || GeoTrustGlobalCA
+|-
+| 1019 || GeoTrustPrimaryCertificationAuthorityG3
+|-
+| 1020 || GeoTrustPrimaryCertificationAuthority
+|-
+| 1021 || GlobalSignRootCA
+|-
+| 1022 || GlobalSignRootCAR2
+|-
+| 1023 || GlobalSignRootCAR3
+|-
+| 1024 || GoDaddyClass2CertificationAuthority
+|-
+| 1025 || GoDaddyRootCertificateAuthorityG2
+|-
+| 1026 || StarfieldClass2CertificationAuthority
+|-
+| 1027 || StarfieldRootCertificateAuthorityG2
+|-
+| 1028 || thawtePrimaryRootCAG3
+|-
+| 1029 || thawtePrimaryRootCA
+|-
+| 1030 || VeriSignClass3PublicPrimaryCertificationAuthorityG3
 |-
-| 2 || Nintendo {...}
+| 1031 || VeriSignClass3PublicPrimaryCertificationAuthorityG5
+|-
+| 1032 || VeriSignUniversalRootCertificationAuthority
+|-
+| 1033 || DSTRootCAX3
 |}
-This is the "nn::ssl::CaCertificateId" enum. Note: the above is missing the non-Nintendo certs.
 = InternalPki =
-This is the "nn::ssl::sf::InternalPki" / "nn::ssl::Context::InternalPki" enum.
+This is "nn::ssl::sf::InternalPki" or "nn::ssl::Context::InternalPki".
-An error is thrown by [[#RegisterInternalPki]] when the input value does not match 1.
 {| class="wikitable" border="1"
@@ Line 393: / Line 497: @@
 ! Description
 |-
-| 1 ||
+| 0 || None
+|-
+| 1 || DeviceClientCertDefault
 |}
+An error is thrown by [[#RegisterInternalPki]] when the input value does not match "DeviceClientCertDefault".
 = ContextOption =
-This is the "nn::ssl::sf::ContextOption" / "nn::ssl::Context::ContextOption" enum.
+This is "nn::ssl::sf::ContextOption" or "nn::ssl::Context::ContextOption".
 {| class="wikitable" border="1"
@@ Line 404: / Line 512: @@
 ! Description
 |-
-| 1 ||
+| 0 || None
+|-
+| 1 || CrlImportDateCheckEnable
 |}
 = CertificateFormat =
-This is the "nn::ssl::sf::CertificateFormat" / "nn::ssl::CertificateFormat" enum.
+This is "nn::ssl::sf::CertificateFormat" or "nn::ssl::CertificateFormat".
 {| class="wikitable" border="1"
@@ Line 415: / Line 525: @@
 ! Description
 |-
-| 1 ||
+| 1 || Pem
 |-
-| 2 ||
+| 2 || Der
 |}
 = VerifyOption =
-This is the "nn::ssl::sf::VerifyOption" enum. This is a bitmask.
+This is "nn::ssl::sf::VerifyOption". This is a bitmask.
-Originally ssl-sysmodule ([[#SetVerifyOption]]) just wrote the input field to state. With [5.0.0+] there's now validation for the input, with the value written to state masked with {allowed bitmask}. When [[#SetInterfaceVersion|InterfaceVersion]] is >=0x2, the low 2-bits of VerifyOption must be set, unless {state flag for [[#OptionType]] value 2} is set or [9.0.0+] {bool [[#SetDebugOption|DebugOption]] state flag} is set, otherwise an error is thrown. [6.0.0+]: Following that, if VerifyOption bit4 is set, then VerifyOption & 0x15 must match 0x15 otherwise an error is thrown.
 {| class="wikitable" border="1"
@@ Line 430: / Line 538: @@
 ! Description
 |-
-| 0 ||
+| 0 || PeerCa
 |-
-| 1 ||
+| 1 || HostName
 |-
-| 2 ||
+| 2 || DateCheck
 |-
-| 3 ||
+| 3 || EvCertPartial
 |-
-| 4 || [6.0.0+]
+| 4 || [6.0.0+] EvPolicyOid
 |-
-| 5 || [6.0.0+]
+| 5 || [6.0.0+] EvCertFingerprint
 |}
+Originally ssl-sysmodule ([[#SetVerifyOption]]) just wrote the input field to state. With [5.0.0+] there's now validation for the input, with the value written to state masked with {allowed bitmask}. When [[#SetInterfaceVersion|InterfaceVersion]] is >=0x2, the low 2-bits of VerifyOption must be set, unless {state flag for [[#OptionType]] value 2} is set or [9.0.0+] {bool [[#SetDebugOption|DebugOption]] state flag} is set, otherwise an error is thrown. [6.0.0+]: Following that, if VerifyOption bit4 is set, then VerifyOption & 0x15 must match 0x15 otherwise an error is thrown.
 = IoMode =
-This is the "nn::ssl::sf::IoMode" / "nn::ssl::Connection::IoMode" enum.
+This is "nn::ssl::sf::IoMode" or "nn::ssl::Connection::IoMode".
 {| class="wikitable" border="1"
@@ Line 451: / Line 561: @@
 ! Description
 |-
-| 1 ||
+| 1 || Blocking
 |-
-| 2 ||
+| 2 || NonBlocking
 |}
 = PollEvent =
-This is the "nn::ssl::sf::PollEvent" / "nn::ssl::Connection::PollEvent" enum. This is a bitmask.
+This is "nn::ssl::sf::PollEvent" or "nn::ssl::Connection::PollEvent". This is a bitmask.
 {| class="wikitable" border="1"
@@ Line 464: / Line 574: @@
 ! Description
 |-
-| 0 ||
+| 0 || Read
 |-
-| 1 ||
+| 1 || Write
 |-
-| 2 ||
+| 2 || Except
 |}
 = SessionCacheMode =
-This is the "nn::ssl::sf::SessionCacheMode" / "nn::ssl::Connection::SessionCacheMode" enum.
+This is "nn::ssl::sf::SessionCacheMode" or "nn::ssl::Connection::SessionCacheMode".
 {| class="wikitable" border="1"
@@ Line 479: / Line 589: @@
 ! Description
 |-
-| 0 ||
+| 0 || None
 |-
-| 1 ||
+| 1 || SessionId
 |-
-| 2 ||
+| 2 || SessionTicket
 |}
 = RenegotiationMode =
-This is the "nn::ssl::sf::RenegotiationMode" / "nn::ssl::Connection::RenegotiationMode" enum.
+This is "nn::ssl::sf::RenegotiationMode" or "nn::ssl::Connection::RenegotiationMode".
 {| class="wikitable" border="1"
@@ Line 494: / Line 604: @@
 ! Description
 |-
-| 0 ||
+| 0 || None
 |-
-| 1 ||
+| 1 || Secure
 |}
 = OptionType =
-This is the "nn::ssl::sf::OptionType" / "nn::ssl::Connection::OptionType" enum.
+This is "nn::ssl::sf::OptionType" or "nn::ssl::Connection::OptionType".
+{| class="wikitable" border="1"
+|-
+! Value
+! Description
+|-
+| 0 || DoNotCloseSocket
+|-
+| 1 || [3.0.0+] GetServerCertChain
+|-
+| 2 || [5.0.0+] SkipDefaultVerify
+|-
+| 3 || [9.0.0+] EnableAlpn
+|}
 This corresponds to bool flags.
+"SkipDefaultVerify" is checked by [[#VerifyOption|SetVerifyOption]] and "EnableAlpn" is only available with [[#SetOption_2|SetOption]].
+= AlpnProtoState =
+This is "nn::ssl::sf::AlpnProtoState" or "nn::ssl::Connection::AlpnProtoState".
 {| class="wikitable" border="1"
@@ Line 509: / Line 638: @@
 ! Description
 |-
-| 0 ||
+| 0 || NoSupport
 |-
-| 1 || [3.0.0+]
+| 1 || Negotiated
 |-
-| 2 || [5.0.0+] This flag is checked by [[#VerifyOption|SetVerifyOption]].
+| 2 || NoOverlap
 |-
-| 3 || [9.0.0+] Only available with [[#SetOption_2|SetOption]].
+| 3 || Selected
+|-
+| 4 || EarlyValue
 |}
-= AlpnProtoState =
-This is the "nn::ssl::sf::AlpnProtoState" / "nn::ssl::Connection::AlpnProtoState" enum.
 = CipherInfo =
@@ Line 544: / Line 672: @@
 These have the following structure:
 {| class="wikitable" border="1"
 |-
@@ Line 567: / Line 694: @@
 | 0x0
 | 0x4
-| ID
+| Id
 |-
 | 0x4

SSL services: Difference between revisions