lockdown/property_list_service: use new SSL code

4 files changed, 55 insertions, 296 deletions

diff --git a/src/lockdown.c b/src/lockdown.c
index 7609426..5568f03 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -123,173 +123,6 @@ static void plist_dict_add_label(plist_t plist, const char *label)
         }
 }
 
-/** gnutls callback for writing data to the device.
- *
- * @param transport It's really the lockdownd client, but the method signature has to match
- * @param buffer The data to send
- * @param length The length of data to send in bytes
- *
- * @return The number of bytes sent
- */
-static ssize_t lockdownd_ssl_write(gnutls_transport_ptr_t transport, char *buffer, size_t length)
-{
-        uint32_t bytes = 0;
-        lockdownd_client_t client;
-        client = (lockdownd_client_t) transport;
-        debug_info("pre-send length = %zi", length);
-        iphone_device_send(property_list_service_get_connection(client->parent), buffer, length, &bytes);
-        debug_info("post-send sent %i bytes", bytes);
-        return bytes;
-}
-
-/** gnutls callback for reading data from the device.
- *
- * @param transport It's really the lockdownd client, but the method signature has to match
- * @param buffer The buffer to store data in
- * @param length The length of data to read in bytes
- *
- * @return The number of bytes read
- */
-static ssize_t lockdownd_ssl_read(gnutls_transport_ptr_t transport, char *buffer, size_t length)
-{
-        int bytes = 0, pos_start_fill = 0;
-        size_t tbytes = 0;
-        int this_len = length;
-        iphone_error_t res;
-        lockdownd_client_t client;
-        client = (lockdownd_client_t) transport;
-        char *recv_buffer;
-
-        debug_info("pre-read client wants %zi bytes", length);
-
-        recv_buffer = (char *) malloc(sizeof(char) * this_len);
-
-        /* repeat until we have the full data or an error occurs */
-        do {
-                if ((res = iphone_device_recv(property_list_service_get_connection(client->parent), recv_buffer, this_len, (uint32_t*)&bytes)) != LOCKDOWN_E_SUCCESS) {
-                        debug_info("ERROR: iphone_device_recv returned %d", res);
-                        return res;
-                }
-                debug_info("post-read we got %i bytes", bytes);
-
-                // increase read count
-                tbytes += bytes;
-
-                // fill the buffer with what we got right now
-                memcpy(buffer + pos_start_fill, recv_buffer, bytes);
-                pos_start_fill += bytes;
-
-                if (tbytes >= length) {
-                        break;
-                }
-
-                this_len = length - tbytes;
-                debug_info("re-read trying to read missing %i bytes", this_len);
-        } while (tbytes < length);
-
-        if (recv_buffer) {
-                free(recv_buffer);
-        }
-
-        return tbytes;
-}
-
-/** Starts communication with lockdownd after the iPhone has been paired,
- *  and if the device requires it, switches to SSL mode.
- *
- * @param client The lockdownd client
- *
- * @return an error code (LOCKDOWN_E_SUCCESS on success)
- */
-static lockdownd_error_t lockdownd_ssl_start_session(lockdownd_client_t client)
-{
-        lockdownd_error_t ret = LOCKDOWN_E_SSL_ERROR;
-        uint32_t return_me = 0;
-
-        // Set up GnuTLS...
-        debug_info("enabling SSL mode");
-        errno = 0;
-        gnutls_global_init();
-        gnutls_certificate_allocate_credentials(&client->ssl_certificate);
-        gnutls_certificate_set_x509_trust_file(client->ssl_certificate, "hostcert.pem", GNUTLS_X509_FMT_PEM);
-        gnutls_init(&client->ssl_session, GNUTLS_CLIENT);
-        {
-                int protocol_priority[16] = { GNUTLS_SSL3, 0 };
-                int kx_priority[16] = { GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA, 0 };
-                int cipher_priority[16] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, 0 };
-                int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
-                int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
-
-                gnutls_cipher_set_priority(client->ssl_session, cipher_priority);
-                gnutls_compression_set_priority(client->ssl_session, comp_priority);
-                gnutls_kx_set_priority(client->ssl_session, kx_priority);
-                gnutls_protocol_set_priority(client->ssl_session, protocol_priority);
-                gnutls_mac_set_priority(client->ssl_session, mac_priority);
-        }
-        gnutls_credentials_set(client->ssl_session, GNUTLS_CRD_CERTIFICATE, client->ssl_certificate);   // this part is killing me.
-
-        debug_info("GnuTLS step 1...");
-        gnutls_transport_set_ptr(client->ssl_session, (gnutls_transport_ptr_t) client);
-        debug_info("GnuTLS step 2...");
-        gnutls_transport_set_push_function(client->ssl_session, (gnutls_push_func) & lockdownd_ssl_write);
-        debug_info("GnuTLS step 3...");
-        gnutls_transport_set_pull_function(client->ssl_session, (gnutls_pull_func) & lockdownd_ssl_read);
-        debug_info("GnuTLS step 4 -- now handshaking...");
-        if (errno)
-                debug_info("WARN: errno says %s before handshake!", strerror(errno));
-        return_me = gnutls_handshake(client->ssl_session);
-        debug_info("GnuTLS handshake done...");
-
-        if (return_me != GNUTLS_E_SUCCESS) {
-                debug_info("GnuTLS reported something wrong.");
-                gnutls_perror(return_me);
-                debug_info("oh.. errno says %s", strerror(errno));
-        } else {
-                client->ssl_enabled = 1;
-                ret = LOCKDOWN_E_SUCCESS;
-                debug_info("SSL mode enabled");
-        }
-
-        return ret;
-}
-
-/**
- * Shuts down the SSL session by performing a close notify, which is done
- * by "gnutls_bye".
- *
- * @param client The lockdown client
- *
- * @return an error code (LOCKDOWN_E_SUCCESS on success)
- */
-static lockdownd_error_t lockdownd_ssl_stop_session(lockdownd_client_t client)
-{
-        if (!client) {
-                debug_info("invalid argument!");
-                return LOCKDOWN_E_INVALID_ARG;
-        }
-        lockdownd_error_t ret = LOCKDOWN_E_SUCCESS;
-
-        if (client->ssl_enabled) {
-                debug_info("sending SSL close notify");
-                gnutls_bye(client->ssl_session, GNUTLS_SHUT_RDWR);
-        }
-        if (client->ssl_session) {
-                gnutls_deinit(client->ssl_session);
-        }
-        if (client->ssl_certificate) {
-                gnutls_certificate_free_credentials(client->ssl_certificate);
-        }
-        client->ssl_enabled = 0;
-
-        if (client->session_id)
-                free(client->session_id);
-        client->session_id = NULL;
-
-        debug_info("SSL mode disabled");
-
-        return ret;
-}
-
 /**
  * Closes the lockdownd communication session, by sending the StopSession
  * Request to the device.
@@ -339,10 +172,9 @@ lockdownd_error_t lockdownd_stop_session(lockdownd_client_t client, const char *
         }
         plist_free(dict);
         dict = NULL;
-
-        /* stop ssl session */
-        lockdownd_ssl_stop_session(client);
-
+        if (client->ssl_enabled) {
+                property_list_service_disable_ssl(client->parent);
+        }
         return ret;
 }
 
@@ -411,16 +243,9 @@ lockdownd_error_t lockdownd_recv(lockdownd_client_t client, plist_t *plist)
         lockdownd_error_t ret = LOCKDOWN_E_SUCCESS;
         property_list_service_error_t err;
 
-        if (!client->ssl_enabled) {
-                err = property_list_service_receive_plist(client->parent, plist);
-                if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
-                        ret = LOCKDOWN_E_UNKNOWN_ERROR;
-                }
-        } else {
-                err = property_list_service_receive_encrypted_plist(client->ssl_session, plist);
-                if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
-                        return LOCKDOWN_E_SSL_ERROR;
-                }
+        err = property_list_service_receive_plist(client->parent, plist);
+        if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
+                ret = LOCKDOWN_E_UNKNOWN_ERROR;
         }
 
         if (!*plist)
@@ -447,16 +272,9 @@ lockdownd_error_t lockdownd_send(lockdownd_client_t client, plist_t plist)
         lockdownd_error_t ret = LOCKDOWN_E_SUCCESS;
         iphone_error_t err;
 
-        if (!client->ssl_enabled) {
-                err = property_list_service_send_xml_plist(client->parent, plist);
-                if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
-                        ret = LOCKDOWN_E_UNKNOWN_ERROR;
-                }
-        } else {
-                err = property_list_service_send_encrypted_xml_plist(client->ssl_session, plist);
-                if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
-                        ret = LOCKDOWN_E_SSL_ERROR;
-                }
+        err = property_list_service_send_xml_plist(client->parent, plist);
+        if (err != PROPERTY_LIST_SERVICE_E_SUCCESS) {
+                ret = LOCKDOWN_E_UNKNOWN_ERROR;
         }
         return ret;
 }
@@ -775,8 +593,6 @@ lockdownd_error_t lockdownd_client_new(iphone_device_t device, lockdownd_client_
 
         lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_int));
         client_loc->parent = plistclient;
-        client_loc->ssl_session = NULL;
-        client_loc->ssl_certificate = NULL;
         client_loc->ssl_enabled = 0;
         client_loc->session_id = NULL;
         client_loc->uuid = NULL;
@@ -848,8 +664,7 @@ lockdownd_error_t lockdownd_client_new_with_handshake(iphone_device_t device, lo
         if (LOCKDOWN_E_SUCCESS == ret) {
                 ret = lockdownd_start_session(client_loc, host_id, NULL, NULL);
                 if (LOCKDOWN_E_SUCCESS != ret) {
-                        ret = LOCKDOWN_E_SSL_ERROR;
-                        debug_info("SSL Session opening failed.");
+                        debug_info("Session opening failed.");
                 }
 
                 if (host_id) {
@@ -1313,7 +1128,10 @@ lockdownd_error_t lockdownd_start_session(lockdownd_client_t client, const char
                 }
                 debug_info("Enable SSL Session: %s", (use_ssl?"true":"false"));
                 if (use_ssl) {
-                        ret = lockdownd_ssl_start_session(client);
+                        ret = property_list_service_enable_ssl(client->parent);
+                        if (ret == PROPERTY_LIST_SERVICE_E_SUCCESS) {
+                                client->ssl_enabled = 1;
+                        }
                 } else {
                         client->ssl_enabled = 0;
                         ret = LOCKDOWN_E_SUCCESS;
diff --git a/src/lockdown.h b/src/lockdown.h
index 9da3872..82ea01f 100644
--- a/src/lockdown.h
+++ b/src/lockdown.h
@@ -30,8 +30,6 @@
 
 struct lockdownd_client_int {
         property_list_service_client_t parent;
-        gnutls_session_t ssl_session;
-        gnutls_certificate_credentials_t ssl_certificate;
         int ssl_enabled;
         char *session_id;
         char *uuid;
diff --git a/src/property_list_service.c b/src/property_list_service.c
index e39c7bb..b4c2f44 100644
--- a/src/property_list_service.c
+++ b/src/property_list_service.c
@@ -43,6 +43,8 @@ static property_list_service_error_t iphone_to_property_list_service_error(iphon
                         return PROPERTY_LIST_SERVICE_E_SUCCESS;
                 case IPHONE_E_INVALID_ARG:
                         return PROPERTY_LIST_SERVICE_E_INVALID_ARG;
+                case IPHONE_E_SSL_ERROR:
+                        return PROPERTY_LIST_SERVICE_E_SSL_ERROR;
                 default:
                         break;
         }
@@ -106,12 +108,8 @@ property_list_service_error_t property_list_service_client_free(property_list_se
  * Internally used generic plist send function.
  *
  * @param client The property list service client to use for sending.
- *      Can be NULL if ssl_session is non-NULL.
  * @param plist plist to send
  * @param binary 1 = send binary plist, 0 = send xml plist
- * @param ssl_session If set to NULL, the communication will be unencrypted.
- *      For encrypted communication, pass a valid and properly initialized
- *      gnutls_session_t. client is ignored when ssl_session is non-NULL.
  *
  * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
  *      PROPERTY_LIST_SERVICE_E_INVALID_ARG when one or more parameters are
@@ -119,7 +117,7 @@ property_list_service_error_t property_list_service_client_free(property_list_se
  *      plist, or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR when an unspecified
  *      error occurs.
  */
-static property_list_service_error_t internal_plist_send(property_list_service_client_t client, plist_t plist, int binary, gnutls_session_t ssl_session)
+static property_list_service_error_t internal_plist_send(property_list_service_client_t client, plist_t plist, int binary)
 {
         property_list_service_error_t res = PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR;
         char *content = NULL;
@@ -127,7 +125,7 @@ static property_list_service_error_t internal_plist_send(property_list_service_c
         uint32_t nlen = 0;
         int bytes = 0;
 
-        if ((!client && !ssl_session) || (client && !client->connection) || !plist) {
+        if (!client || (client && !client->connection) || !plist) {
                 return PROPERTY_LIST_SERVICE_E_INVALID_ARG;
         }
 
@@ -143,17 +141,9 @@ static property_list_service_error_t internal_plist_send(property_list_service_c
 
         nlen = htonl(length);
         debug_info("sending %d bytes", length);
-        if (ssl_session) {
-                bytes = gnutls_record_send(ssl_session, (const char*)&nlen, sizeof(nlen));
-        } else {
-                iphone_device_send(client->connection, (const char*)&nlen, sizeof(nlen), (uint32_t*)&bytes);
-        }
+        iphone_device_send(client->connection, (const char*)&nlen, sizeof(nlen), (uint32_t*)&bytes);
         if (bytes == sizeof(nlen)) {
-                if (ssl_session) {
-                        bytes = gnutls_record_send(ssl_session, content, length);
-                } else {
-                        iphone_device_send(client->connection, content, length, (uint32_t*)&bytes);
-                }
+                iphone_device_send(client->connection, content, length, (uint32_t*)&bytes);
                 if (bytes > 0) {
                         debug_info("sent %d bytes", bytes);
                         debug_buffer(content, bytes);
@@ -186,7 +176,7 @@ static property_list_service_error_t internal_plist_send(property_list_service_c
  */
 property_list_service_error_t property_list_service_send_xml_plist(property_list_service_client_t client, plist_t plist)
 {
-        return internal_plist_send(client, plist, 0, NULL);
+        return internal_plist_send(client, plist, 0);
 }
 
 /**
@@ -202,39 +192,7 @@ property_list_service_error_t property_list_service_send_xml_plist(property_list
  */
 property_list_service_error_t property_list_service_send_binary_plist(property_list_service_client_t client, plist_t plist)
 {
-        return internal_plist_send(client, plist, 1, NULL);
-}
-
-/**
- * Sends an encrypted XML plist.
- *
- * @param ssl_session Valid and properly initialized gnutls_session_t.
- * @param plist plist to send
- *
- * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
- *      PROPERTY_LIST_SERVICE_E_INVALID_ARG when ssl_session or plist is NULL
- *      PROPERTY_LIST_SERVICE_E_PLIST_ERROR when dict is not a valid plist,
- *      or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR when an unspecified error occurs.
- */
-property_list_service_error_t property_list_service_send_encrypted_xml_plist(gnutls_session_t ssl_session, plist_t plist)
-{
-        return internal_plist_send(NULL, plist, 0, ssl_session);
-}
-
-/**
- * Sends an encrypted binary plist.
- *
- * @param ssl_session Valid and properly initialized gnutls_session_t.
- * @param plist plist to send
- *
- * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
- *      PROPERTY_LIST_SERVICE_E_INVALID_ARG when ssl_session or plist is NULL,
- *      PROPERTY_LIST_SERVICE_E_PLIST_ERROR when dict is not a valid plist,
- *      or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR when an unspecified error occurs.
- */
-property_list_service_error_t property_list_service_send_encrypted_binary_plist(gnutls_session_t ssl_session, plist_t plist)
-{
-        return internal_plist_send(NULL, plist, 1, ssl_session);
+        return internal_plist_send(client, plist, 1);
 }
 
 /**
@@ -244,36 +202,26 @@ property_list_service_error_t property_list_service_send_encrypted_binary_plist(
  * @param client The property list service client to use for receiving
  * @param plist pointer to a plist_t that will point to the received plist
  *      upon successful return
- * @param timeout Maximum time in milliseconds to wait for data. This parameter
- *      is ignored when ssl_session is not NULL (i.e. encrypted communication is
- *      used). A timeout has to be implemented inside the functions passed to
- *      gnutls_transport_set_push_function / gnutls_transport_set_pull_function.
- * @param ssl_session If set to NULL, the communication will be unencrypted.
- *      For encrypted communication, pass a valid and properly initialized
- *      gnutls_session_t.
+ * @param timeout Maximum time in milliseconds to wait for data.
  *
  * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
  *      PROPERTY_LIST_SERVICE_E_INVALID_ARG when client or *plist is NULL,
  *      PROPERTY_LIST_SERVICE_E_PLIST_ERROR when the received data cannot be
  *      converted to a plist, PROPERTY_LIST_SERVICE_E_MUX_ERROR when a
- *      communication error occurs, or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR when
- *      an unspecified error occurs.
+ *      communication error occurs, or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR
+ *      when an unspecified error occurs.
  */
-static property_list_service_error_t internal_plist_recv_timeout(property_list_service_client_t client, plist_t *plist, unsigned int timeout, gnutls_session_t ssl_session)
+static property_list_service_error_t internal_plist_recv_timeout(property_list_service_client_t client, plist_t *plist, unsigned int timeout)
 {
         property_list_service_error_t res = PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR;
         uint32_t pktlen = 0;
         uint32_t bytes = 0;
 
-        if ((!client && !ssl_session) || (client && !client->connection) || !plist) {
+        if (!client || (client && !client->connection) || !plist) {
                 return PROPERTY_LIST_SERVICE_E_INVALID_ARG;
         }
 
-        if (ssl_session) {
-                bytes = gnutls_record_recv(ssl_session, (char*)&pktlen, sizeof(pktlen));
-        } else {
-                iphone_device_recv_timeout(client->connection, (char*)&pktlen, sizeof(pktlen), &bytes, timeout);
-        }
+        iphone_device_recv_timeout(client->connection, (char*)&pktlen, sizeof(pktlen), &bytes, timeout);
         debug_info("initial read=%i", bytes);
         if (bytes < 4) {
                 debug_info("initial read failed!");
@@ -287,11 +235,7 @@ static property_list_service_error_t internal_plist_recv_timeout(property_list_s
                         content = (char*)malloc(pktlen);
 
                         while (curlen < pktlen) {
-                                if (ssl_session) {
-                                        bytes = gnutls_record_recv(ssl_session, content+curlen, pktlen-curlen);
-                                } else {
-                                        iphone_device_recv(client->connection, content+curlen, pktlen-curlen, &bytes);
-                                }
+                                iphone_device_recv(client->connection, content+curlen, pktlen-curlen, &bytes);
                                 if (bytes <= 0) {
                                         res = PROPERTY_LIST_SERVICE_E_MUX_ERROR;
                                         break;
@@ -338,7 +282,7 @@ static property_list_service_error_t internal_plist_recv_timeout(property_list_s
  */
 property_list_service_error_t property_list_service_receive_plist_with_timeout(property_list_service_client_t client, plist_t *plist, unsigned int timeout)
 {
-        return internal_plist_recv_timeout(client, plist, timeout, NULL);
+        return internal_plist_recv_timeout(client, plist, timeout);
 }
 
 /**
@@ -362,41 +306,41 @@ property_list_service_error_t property_list_service_receive_plist_with_timeout(p
  */
 property_list_service_error_t property_list_service_receive_plist(property_list_service_client_t client, plist_t *plist)
 {
-        return internal_plist_recv_timeout(client, plist, 10000, NULL);
+        return internal_plist_recv_timeout(client, plist, 10000);
 }
 
 /**
- * Receives an encrypted plist.
- * Binary or XML plists are automatically handled.
- * This function is like property_list_service_receive_encrypted_plist_with_timeout
- *   with a timeout value of 10 seconds.
+ * Enable SSL for the given property list service client.
  *
- * @param ssl_session Valid and properly initialized gnutls_session_t.
- * @param plist pointer to a plist_t that will point to the received plist
- *              upon successful return
+ * @param client The connected property list service client for which SSL
+ *     should be enabled.
  *
  * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
- *      PROPERTY_LIST_SERVICE_E_INVALID_ARG when ssl_session or *plist is NULL,
- *      PROPERTY_LIST_SERVICE_E_PLIST_ERROR when the received data cannot be
- *      converted to a plist, PROPERTY_LIST_SERVICE_E_MUX_ERROR when a
- *      communication error occurs, or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR when
- *      an unspecified error occurs.
+ *     PROPERTY_LIST_SERVICE_E_INVALID_ARG if client or client->connection is
+ *     NULL, PROPERTY_LIST_SERVICE_E_SSL_ERROR when SSL could not be enabled,
+ *     or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR otherwise.
  */
-property_list_service_error_t property_list_service_receive_encrypted_plist(gnutls_session_t ssl_session, plist_t *plist)
+property_list_service_error_t property_list_service_enable_ssl(property_list_service_client_t client)
 {
-        return internal_plist_recv_timeout(NULL, plist, 10000, ssl_session);
+        if (!client || !client->connection)
+                return PROPERTY_LIST_SERVICE_E_INVALID_ARG;
+        return iphone_to_property_list_service_error(iphone_connection_enable_ssl(client->connection));
 }
 
 /**
- * Getter for the iphone_connection_t used by this client.
+ * Disable SSL for the given property list service client.
  *
- * @param client The property list service client to get the connection for.
+ * @param client The connected property list service client for which SSL
+ *     should be disabled.
  *
- * @return The connection used by client.
+ * @return PROPERTY_LIST_SERVICE_E_SUCCESS on success,
+ *     PROPERTY_LIST_SERVICE_E_INVALID_ARG if client or client->connection is
+ *     NULL, or PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR otherwise.
  */
-iphone_connection_t property_list_service_get_connection(property_list_service_client_t client)
+property_list_service_error_t property_list_service_disable_ssl(property_list_service_client_t client)
 {
-        if (!client)
-                return NULL;
-        return client->connection;
+        if (!client || !client->connection)
+                return PROPERTY_LIST_SERVICE_E_INVALID_ARG;
+        return iphone_to_property_list_service_error(iphone_connection_disable_ssl(client->connection));
 }
+
diff --git a/src/property_list_service.h b/src/property_list_service.h
index 39d4a0c..bc3122b 100644
--- a/src/property_list_service.h
+++ b/src/property_list_service.h
@@ -28,6 +28,7 @@
 #define PROPERTY_LIST_SERVICE_E_INVALID_ARG           -1
 #define PROPERTY_LIST_SERVICE_E_PLIST_ERROR           -2
 #define PROPERTY_LIST_SERVICE_E_MUX_ERROR             -3
+#define PROPERTY_LIST_SERVICE_E_SSL_ERROR             -4
 
 #define PROPERTY_LIST_SERVICE_E_UNKNOWN_ERROR       -256
 
@@ -46,15 +47,13 @@ property_list_service_error_t property_list_service_client_free(property_list_se
 /* sending */
 property_list_service_error_t property_list_service_send_xml_plist(property_list_service_client_t client, plist_t plist);
 property_list_service_error_t property_list_service_send_binary_plist(property_list_service_client_t client, plist_t plist);
-property_list_service_error_t property_list_service_send_encrypted_xml_plist(gnutls_session_t ssl_session, plist_t plist);
-property_list_service_error_t property_list_service_send_encrypted_binary_plist(gnutls_session_t ssl_session, plist_t plist);
 
 /* receiving */
 property_list_service_error_t property_list_service_receive_plist_with_timeout(property_list_service_client_t client, plist_t *plist, unsigned int timeout);
 property_list_service_error_t property_list_service_receive_plist(property_list_service_client_t client, plist_t *plist);
-property_list_service_error_t property_list_service_receive_encrypted_plist(gnutls_session_t ssl_session, plist_t *plist);
 
 /* misc */
-iphone_connection_t property_list_service_get_connection(property_list_service_client_t client);
+property_list_service_error_t property_list_service_enable_ssl(property_list_service_client_t client);
+property_list_service_error_t property_list_service_disable_ssl(property_list_service_client_t client);
 
 #endif