SceLibSsl

This module implements TLS for the PS Vita in most use cases (including PSN access).

SceLibSsl is a port of RSA BSAFE® Crypto-C Micro Edition. See also the unstripped binaries of RSA BSAFE® Crypto-C Micro Edition.

Notably, WebKit does not seem to use this but it shares the CA list in. CA_LIST.cer includes all the usual root CAs and in addition, 5 SCE signed ROOT CAs. Note that because the SCE root CAs are also used in WebKit and other apps (email for example), it is possible for Sony to do a MITM attack on any of their users. This is a privacy hole for users, but it seems that the same policy is in place in PSP, PS3, and likely PS4 as well. Although CA_LIST.cer is unsigned, just like in later PS3 firmwares, Sony stores the hash of all certificates in SceLibSsl (which itself is signed). This makes impossible a theoretical attack of adding a root CA on an updated PS Vita in order to extract the platform passphrase.

internal_get_ca
Obtains a certificate from. If,  , and   are zero, then get the size of the certificate. Otherwise, load the certificate (PEM) into. The file offset and size in  are hardcoded into the function for each given id pair. There is also a hardcoded list of SHA1 hashes for each certificate that is checked against before returning.