Add details

shutterbug2000 2018-10-28 14:30:23 -05:00 committed by GitHub
parent 3412a93cf7
commit 366088185d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,2 +1,22 @@
# nds-constrain't
because Nintendo can't do SSL properly
Because Nintendo can't do SSL properly.
# How does this work?
The NDS SDK's SSL library supports something called "cert chains", which is a standard thing that all SSL libs should support.
However, there is a fatal flaw in their implementation: they do not check if a cert is supposed to sign other certs or not (in other words: it doesn't check if it is a CA)
Since we have some Nintendo signed certificates with private keys (client certs from the Wii), we can simply sign with those, and then return them from the server as part of the chain.
# Requirements
The Wii's client cert (nwc.crt and nwc.key in this repo)
A server which supports SSLv3 (harder than it sounds lol)
OpenSSL to generate the certs
# How to make the certs?
```
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA nwc.crt -CAkey nwc.key -CAcreateserial -out server.crt -days 99999 -sha1
```
Copy the server.key and server.crt files to the correct places, and then configure your server to use them.
Additionally, add `SSLCertificateChainFile "nwc.crt"` to your server config.
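Review bot: The three lines under `# Requirements` have no list markers, and neither they nor the two sentences after the code fence are separated by blank lines, so Markdown will join each group into a single paragraph; prefix each requirement with `- ` and put the final two instructions on separate paragraphs. In the "How does this work?" text, "it doesn't check if it is a CA" would be more precise if it named the X.509 basicConstraints CA flag, since that is the check a chain validator is expected to perform on every non-leaf certificate. The last line uses `SSLCertificateChainFile "nwc.crt"`, which is Apache mod_ssl syntax, but the README never states which server is assumed, and "the correct places" does not say where server.key and server.crt go; name the server and the settings that reference the two files. The section headings also use the same `#` level as the project title; `##` would keep the title as the only top-level heading.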