2,928
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − + + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 9:
Line 113: + +
no edit summary
=ssl=
= ssl =
This is "nn::ssl::sf::ISslService".
=Client cert+privk=
{| class="wikitable" border="1"
|-
! Cmd || Name
|-
| 0 || CreateContext
|-
| 1 || GetContextCount
|-
| 2 || GetCertificates
|-
| 3 || GetCertificateBufSize
|-
| 4 || DebugIoctl
|-
| 5 || SetInterfaceVersion
|}
== ISslContext ==
{| class="wikitable" border="1"
|-
! Cmd || Name
|-
| 0 || SetOption
|-
| 1 || GetOption
|-
| 2 || CreateConnection
|-
| 3 || GetConnectionCount
|-
| 4 || ImportServerPki
|-
| 5 || ImportClientPki
|-
| 6 || RemoveServerPki
|-
| 7 || RemoveClientPki
|-
| 8 || RegisterInternalPki
|-
| 9 || AddPolicyOid
|-
| 10 || ImportCrl
|-
| 11 || RemoveCrl
|}
=== ISslConnection ===
{| class="wikitable" border="1"
|-
! Cmd || Name
|-
| 0 || SetSocketDescriptor
|-
| 1 || SetHostName
|-
| 2 || SetVerifyOption
|-
| 3 || SetIoMode
|-
| 4 || GetSocketDescriptor
|-
| 5 || GetHostName
|-
| 6 || GetVerifyOption
|-
| 7 || GetIoMode
|-
| 8 || DoHandshake
|-
| 9 || DoHandshakeGetServerCert
|-
| 10 || Read
|-
| 11 || Write
|-
| 12 || Pending
|-
| 13 || Peek
|-
| 14 || Poll
|-
| 15 || GetVerifyCertError
|-
| 16 || GetNeededServerCertBufferSize
|-
| 17 || SetSessionCacheMode
|-
| 18 || GetSessionCacheMode
|-
| 19 || FlushSessionCache
|-
| 20 || SetRenegotiationMode
|-
| 21 || GetRenegotiationMode
|-
| 22 || SetOption
|-
| 23 || GetOption
|-
| 24 || GetVerifyCertErrors
|}
= Client cert+privk =
SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]].
SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]].
* 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.
* 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.
* 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise.
* 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise.
[[Category:Services]]