SSL through IOS support

Posted by Aruskano 
SSL through IOS support
June 18, 2012 11:42PM
I have followed this information about /dev/net/ssl but I'm stuck. I did change inputs/outputs which seems to work.

How do I determine the heap size? I guess using a big value does no harm but what is the proper way to choose a size? Is using iosCreateHeap() correct (do I have to do anything after that)?

I have the very optimistic (it does not check for errors yet) code here: ssl.c and ssl.h on pastebin.

I'm trying to connect to twitter.com following the steps described at the bottom of the /dev/net/ssl page:
-ssl_new() returns 1
-ssl_setbuiltinclient() returns 0
-ssl_setrootca() returns 0
-ssl_connect() returns 0
-ssl_handshake() returns -2

I'm hoping 0 means no errors here! I haven't tried to write or read because I was trying to fix the handshake. ssl_shutdown() returns -1 (?).

I'm guessing the certificate I'm loading is not what the Wii expects but I have no way to find out what is wrong with it. I am loading the VeriSign Class 3 Primary CA - G5 certificate (as I mentioned above I'm trying to connect to twitter.com). The problem is probably here (either I'm loading it with the wrong format or I'm not loading what I should be loading). I downloaded that certificate, converted it to der format with ssl converter and loaded it (raw) to memory.

Am I missing anything obvious?
Thanks

EDIT: This is what I'm using to see the return values and everything: ssltest.zip.

Don't laugh if my errors are stupid ;(



Edited 1 time(s). Last edit at 06/18/2012 11:49PM by Aruskano.
Re: SSL through IOS support
June 19, 2012 06:30AM
It's cool to see someone using this.
The problem is that the code in http.c used to establish the tcp connection sets the socket to non-blocking mode. The SSL API doesn't like that so the handshake fails. I added one line to your sample:
s32 tcp_socket (void) {
	s32 s, res;

	s = net_socket (PF_INET, SOCK_STREAM, 0);
	if (s < 0) {
		debug_printf ("net_socket failed: %d\n", s);
		return s;
	}

	return s; // don't do the non-blocking stuff

	res = net_fcntl (s, F_GETFL, 0);
	if (res < 0) {
		debug_printf ("F_GETFL failed: %d\n", res);
		net_close (s);
		return res;
	}

	res = net_fcntl (s, F_SETFL, res | 4);
	if (res < 0) {
		debug_printf ("F_SETFL failed: %d\n", res);
		net_close (s);
		return res;
	}

	return s;
}
and it works fine.
Keep in mind that even though the socket now isn't configured as non-blocking, the SSL_READ and SSL_WRITE functions will perform non-blocking operations, i.e. they may read/write less data than what you tell them to.

PS: small bug in your main function, the first VIDEO_SetNextFramebuffer() call was being passed xfb instead of xfb[0], causing a green screen to be displayed.
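
The caveat in the reply above about short reads and writes, as an added example that is not part of the original posts or of the ssl.c discussed in the thread: a loop that keeps calling the transfer function until every byte has moved. The function-pointer shape, XFER_STALLED, MAX_STALLS and the mock transport are assumptions constructed for the example; on the Wii the callback would wrap ssl_write() or ssl_read().

```c
#include <string.h>
/* Assumed call shape (stands in for ssl_write/ssl_read): returns bytes moved,
   possibly fewer than len; 0 for no progress; negative for an error. */
typedef int (*xfer_fn)(int ctx, void *buf, int len);
#define XFER_STALLED (-1000)  /* hypothetical code: too many empty calls */
#define MAX_STALLS   100      /* hypothetical retry bound */

/* Call fn until exactly len bytes have moved; a partial transfer is never success. */
int xfer_all(xfer_fn fn, int ctx, void *buf, int len)
{
    unsigned char *p = buf;
    int done = 0, stalls = 0;
    while (done < len) {
        int n = fn(ctx, p + done, len - done);
        if (n < 0) return n;                                      /* propagate the error */
        if (n == 0 && ++stalls > MAX_STALLS) return XFER_STALLED; /* bounded retry */
        if (n > 0) stalls = 0;
        done += n;
    }
    return done;
}

/* Constructed transport: a 64-byte "wire" that accepts 3 bytes per call. */
static unsigned char wire[64];
static int wire_len;
static int mock_write(int ctx, void *buf, int len)
{
    int n = len < 3 ? len : 3;                      /* short write */
    (void)ctx;
    if (wire_len + n > (int)sizeof wire) return -1; /* wire full: error */
    memcpy(wire + wire_len, buf, n);
    wire_len += n;
    return n;
}
/* Constructed peer that never makes progress. */
static int mock_idle(int ctx, void *buf, int len) { (void)ctx; (void)buf; (void)len; return 0; }

int demo_send(void)   /* push a request through the short-write path */
{
    char msg[] = "GET / HTTP/1.1\r\n\r\n";
    int len = (int)sizeof msg - 1;
    wire_len = 0;
    if (xfer_all(mock_write, 1, msg, len) != len) return -1;
    return (wire_len == len && memcmp(wire, msg, len) == 0) ? len : -2;
}

int main(void)
{
    return !(demo_send() == 18 && xfer_all(mock_idle, 1, wire, 4) == XFER_STALLED);
}
```

A single unchecked call against the same mock would have sent only the first 3 bytes of the request, which is the truncation the loop prevents.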
Re: SSL through IOS support
June 19, 2012 07:49AM
I would have never figured that. This does not seem (after googling around) to be Wii specific but I had no knowledge about this.

That xfb bug was carried from the template of devkitpro's wii examples. I guess it's not noticeable there because the screen updates faster. Green is a cool color so I won't complain...

Thank you very much for these hints and for documenting that page (;

Edit: All the mentioned functions (including ssl_read and ssl_write) are working now. I'll add some error handling and upload them tomorrow.

Edit: Code is on wiibrew in case anybody comes here looking for it.



Edited 2 time(s). Last edit at 06/19/2012 08:54PM by Aruskano.