2,928
edits
Changes
Jump to navigation
Jump to search
Line 68:
Line 68: − + Line 77:
Line 77: − + Line 314:
Line 314: − + + + + + + + + + + + + + + + + + + + + + + + + + + − + Line 324:
Line 349: − + − + + + Line 342:
Line 369: − + − + − + − + + + + − = BuiltinDataStatus = Line 363:
Line 392: + + + − + + + + + + + − + + − = CaCertificateId = Line 376:
Line 414: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + + + + + − − This is the "nn::ssl::CaCertificateId" enum. Note: the above is missing the non-Nintendo certs. − + − − An error is thrown by [[#RegisterInternalPki]] when the input value does not match 1. Line 393:
Line 497: − + + + + + − + Line 404:
Line 512: − + + + − + Line 415:
Line 525: − + − + − + − − Originally ssl-sysmodule ([[#SetVerifyOption]]) just wrote the input field to state. With [5.0.0+] there's now validation for the input, with the value written to state masked with {allowed bitmask}. When [[#SetInterfaceVersion|InterfaceVersion]] is >=0x2, the low 2-bits of VerifyOption must be set, unless {state flag for [[#OptionType]] value 2} is set or [9.0.0+] {bool [[#SetDebugOption|DebugOption]] state flag} is set, otherwise an error is thrown. [6.0.0+]: Following that, if VerifyOption bit4 is set, then VerifyOption & 0x15 must match 0x15 otherwise an error is thrown. Line 430:
Line 538: − + − + − + − + − + − + + + − + Line 451:
Line 561: − + − + − + Line 464:
Line 574: − + − + − + − + Line 479:
Line 589: − + − + − + − + Line 494:
Line 604: − + − + − + + + + + + + + + + + + + + + + + + + + Line 509:
Line 638: − + − + − + − + + + − − = AlpnProtoState = − This is the "nn::ssl::sf::AlpnProtoState" / "nn::ssl::Connection::AlpnProtoState" enum. Line 544:
Line 672: − Line 567:
Line 694: − +
no edit summary
== SetDebugOption ==
== SetDebugOption ==
Takes an input u32 '''DebugOptionType''' and a type-0x5 input buffer, no output.
Takes an input u32 [[#DebugOptionType]] and a type-0x5 input buffer, no output.
The input u32 value must be 0, and the buffer addr/size must not be 0.
The input u32 value must be 0, and the buffer addr/size must not be 0.
== GetDebugOption ==
== GetDebugOption ==
Takes an input u32 '''DebugOptionType''' and a type-0x6 output buffer.
Takes an input u32 [[#DebugOptionType]] and a type-0x6 output buffer.
Same as [[#SetDebugOption]] except this copies state to the buffer instead.
Same as [[#SetDebugOption]] except this copies state to the buffer instead.
= SslVersion =
= SslVersion =
This is the "nn::ssl::sf::SslVersion" / "nn::ssl::Context::SslVersion" enum.
This is "nn::ssl::sf::SslVersion" or "nn::ssl::Context::SslVersion".
{| class="wikitable" border="1"
|-
! Value
! Description
|-
| 0x1 || Auto
|-
| 0x8 || TlsV10
|-
| 0x10 || TlsV11
|-
| 0x20 || TlsV12
|}
= DebugOptionType =
This is "nn::ssl::sf::DebugOptionType" or "nn::ssl::DebugOption".
{| class="wikitable" border="1"
|-
! Value
! Description
|-
| 0 || AllowDisableVerifyOption
|}
= FlushSessionCacheOptionType =
= FlushSessionCacheOptionType =
This is the "nn::ssl::sf::FlushSessionCacheOptionType" / "nn::ssl::FlushSessionCacheOptionType" enum.
This is "nn::ssl::sf::FlushSessionCacheOptionType" or "nn::ssl::FlushSessionCacheOptionType".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || SingleHost
|-
|-
| 1 ||
| 1 || AllHosts
|}
|}
= BuiltInCertificateInfo =
= BuiltInCertificateInfo =
This is "nn::ssl::BuiltInManager::BuiltInCertificateInfo".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
| 0x4
| 0x4
| 0x4
| 0x4
| [[#BuiltinDataStatus]]
| [[#TrustedCertStatus]]
|-
|-
| 0x8
| 0x8
| 0x8
| 0x8
| Data size
| CertificateSize
|-
|-
| 0x10
| 0x10
| 0x8
| 0x8
| Data offset
| CertificateDataOffset
|}
|}
This is the struct returned by [[#GetCertificates]]. Official sw converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" with offset converted to a ptr.
This is the struct returned by [[#GetCertificates]]. It is internally converted from "nn::ssl::detail::BuiltinDataInfo" by copying "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" into [[#TrustedCertStatus]] and official software then further converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" by transforming "CertificateDataOffset" into an actual pointer.
= TrustedCertStatus =
This is "nn::ssl::TrustedCertStatus".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
| -1
| -1
| Invalid
| Invalid
|-
| 0
| Removed
|-
|-
| 1
| 1
| Valid
| EnabledTrusted
|-
| 2
| EnabledNotTrusted
|-
| 3
| Revoked
|}
|}
This is the "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" enum.
= CaCertificateId =
This is "nn::ssl::CaCertificateId".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Description
! Description
|-
|-
| 1 || Nintendo {...}
| -1 || All
|-
| 1 || NintendoCAG3
|-
| 2 || NintendoClass2CAG3
|-
| 1000 || AmazonRootCA1
|-
| 1001 || StarfieldServicesRootCertificateAuthorityG2
|-
| 1002 || AddTrustExternalCARoot
|-
| 1003 || COMODOCertificationAuthority
|-
| 1004 || UTNDATACorpSGC
|-
| 1005 || UTNUSERFirstHardware
|-
| 1006 || BaltimoreCyberTrustRoot
|-
| 1007 || CybertrustGlobalRoot
|-
| 1008 || VerizonGlobalRootCA
|-
| 1009 || DigiCertAssuredIDRootCA
|-
| 1010 || DigiCertAssuredIDRootG2
|-
| 1011 || DigiCertGlobalRootCA
|-
| 1012 || DigiCertGlobalRootG2
|-
| 1013 || DigiCertHighAssuranceEVRootCA
|-
| 1014 || EntrustnetCertificationAuthority2048
|-
| 1015 || EntrustRootCertificationAuthority
|-
| 1016 || EntrustRootCertificationAuthorityG2
|-
| 1017 || GeoTrustGlobalCA2
|-
| 1018 || GeoTrustGlobalCA
|-
| 1019 || GeoTrustPrimaryCertificationAuthorityG3
|-
| 1020 || GeoTrustPrimaryCertificationAuthority
|-
| 1021 || GlobalSignRootCA
|-
| 1022 || GlobalSignRootCAR2
|-
| 1023 || GlobalSignRootCAR3
|-
| 1024 || GoDaddyClass2CertificationAuthority
|-
| 1025 || GoDaddyRootCertificateAuthorityG2
|-
| 1026 || StarfieldClass2CertificationAuthority
|-
| 1027 || StarfieldRootCertificateAuthorityG2
|-
| 1028 || thawtePrimaryRootCAG3
|-
| 1029 || thawtePrimaryRootCA
|-
| 1030 || VeriSignClass3PublicPrimaryCertificationAuthorityG3
|-
|-
| 2 || Nintendo {...}
| 1031 || VeriSignClass3PublicPrimaryCertificationAuthorityG5
|-
| 1032 || VeriSignUniversalRootCertificationAuthority
|-
| 1033 || DSTRootCAX3
|}
|}
= InternalPki =
= InternalPki =
This is the "nn::ssl::sf::InternalPki" / "nn::ssl::Context::InternalPki" enum.
This is "nn::ssl::sf::InternalPki" or "nn::ssl::Context::InternalPki".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 1 ||
| 0 || None
|-
| 1 || DeviceClientCertDefault
|}
|}
An error is thrown by [[#RegisterInternalPki]] when the input value does not match "DeviceClientCertDefault".
= ContextOption =
= ContextOption =
This is the "nn::ssl::sf::ContextOption" / "nn::ssl::Context::ContextOption" enum.
This is "nn::ssl::sf::ContextOption" or "nn::ssl::Context::ContextOption".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 1 ||
| 0 || None
|-
| 1 || CrlImportDateCheckEnable
|}
|}
= CertificateFormat =
= CertificateFormat =
This is the "nn::ssl::sf::CertificateFormat" / "nn::ssl::CertificateFormat" enum.
This is "nn::ssl::sf::CertificateFormat" or "nn::ssl::CertificateFormat".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 1 ||
| 1 || Pem
|-
|-
| 2 ||
| 2 || Der
|}
|}
= VerifyOption =
= VerifyOption =
This is the "nn::ssl::sf::VerifyOption" enum. This is a bitmask.
This is "nn::ssl::sf::VerifyOption". This is a bitmask.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || PeerCa
|-
|-
| 1 ||
| 1 || HostName
|-
|-
| 2 ||
| 2 || DateCheck
|-
|-
| 3 ||
| 3 || EvCertPartial
|-
|-
| 4 || [6.0.0+]
| 4 || [6.0.0+] EvPolicyOid
|-
|-
| 5 || [6.0.0+]
| 5 || [6.0.0+] EvCertFingerprint
|}
|}
Originally ssl-sysmodule ([[#SetVerifyOption]]) just wrote the input field to state. With [5.0.0+] there's now validation for the input, with the value written to state masked with {allowed bitmask}. When [[#SetInterfaceVersion|InterfaceVersion]] is >=0x2, the low 2-bits of VerifyOption must be set, unless {state flag for [[#OptionType]] value 2} is set or [9.0.0+] {bool [[#SetDebugOption|DebugOption]] state flag} is set, otherwise an error is thrown. [6.0.0+]: Following that, if VerifyOption bit4 is set, then VerifyOption & 0x15 must match 0x15 otherwise an error is thrown.
= IoMode =
= IoMode =
This is the "nn::ssl::sf::IoMode" / "nn::ssl::Connection::IoMode" enum.
This is "nn::ssl::sf::IoMode" or "nn::ssl::Connection::IoMode".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 1 ||
| 1 || Blocking
|-
|-
| 2 ||
| 2 || NonBlocking
|}
|}
= PollEvent =
= PollEvent =
This is the "nn::ssl::sf::PollEvent" / "nn::ssl::Connection::PollEvent" enum. This is a bitmask.
This is "nn::ssl::sf::PollEvent" or "nn::ssl::Connection::PollEvent". This is a bitmask.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || Read
|-
|-
| 1 ||
| 1 || Write
|-
|-
| 2 ||
| 2 || Except
|}
|}
= SessionCacheMode =
= SessionCacheMode =
This is the "nn::ssl::sf::SessionCacheMode" / "nn::ssl::Connection::SessionCacheMode" enum.
This is "nn::ssl::sf::SessionCacheMode" or "nn::ssl::Connection::SessionCacheMode".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || None
|-
|-
| 1 ||
| 1 || SessionId
|-
|-
| 2 ||
| 2 || SessionTicket
|}
|}
= RenegotiationMode =
= RenegotiationMode =
This is the "nn::ssl::sf::RenegotiationMode" / "nn::ssl::Connection::RenegotiationMode" enum.
This is "nn::ssl::sf::RenegotiationMode" or "nn::ssl::Connection::RenegotiationMode".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || None
|-
|-
| 1 ||
| 1 || Secure
|}
|}
= OptionType =
= OptionType =
This is the "nn::ssl::sf::OptionType" / "nn::ssl::Connection::OptionType" enum.
This is "nn::ssl::sf::OptionType" or "nn::ssl::Connection::OptionType".
{| class="wikitable" border="1"
|-
! Value
! Description
|-
| 0 || DoNotCloseSocket
|-
| 1 || [3.0.0+] GetServerCertChain
|-
| 2 || [5.0.0+] SkipDefaultVerify
|-
| 3 || [9.0.0+] EnableAlpn
|}
This corresponds to bool flags.
This corresponds to bool flags.
"SkipDefaultVerify" is checked by [[#VerifyOption|SetVerifyOption]] and "EnableAlpn" is only available with [[#SetOption_2|SetOption]].
= AlpnProtoState =
This is "nn::ssl::sf::AlpnProtoState" or "nn::ssl::Connection::AlpnProtoState".
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! Description
! Description
|-
|-
| 0 ||
| 0 || NoSupport
|-
|-
| 1 || [3.0.0+]
| 1 || Negotiated
|-
|-
| 2 || [5.0.0+] This flag is checked by [[#VerifyOption|SetVerifyOption]].
| 2 || NoOverlap
|-
|-
| 3 || [9.0.0+] Only available with [[#SetOption_2|SetOption]].
| 3 || Selected
|-
| 4 || EarlyValue
|}
|}
= CipherInfo =
= CipherInfo =
These have the following structure:
These have the following structure:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
| 0x0
| 0x0
| 0x4
| 0x4
| ID
| Id
|-
|-
| 0x4
| 0x4