summaryrefslogtreecommitdiffstats
path: root/src/idevice.c
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2010-11-27 14:12:57 +0100
committerGravatar Nikias Bassen2010-11-27 14:12:57 +0100
commit363098c083a8cd7acc6ca902c92ecdae0f3ef2fb (patch)
treec22775263249ba165cf3193314ed8649d17f0487 /src/idevice.c
parent139306caebdcc9e4383795227ca3662d484e04d5 (diff)
downloadlibimobiledevice-363098c083a8cd7acc6ca902c92ecdae0f3ef2fb.tar.gz
libimobiledevice-363098c083a8cd7acc6ca902c92ecdae0f3ef2fb.tar.bz2
Fix iOS 4.2 GnuTLS issue by passing a certificate in the handshake
Diffstat (limited to 'src/idevice.c')
-rw-r--r--src/idevice.c50
1 files changed, 48 insertions, 2 deletions
diff --git a/src/idevice.c b/src/idevice.c
index c86b806..39b95c1 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -27,6 +27,7 @@
#include <usbmuxd.h>
#include <gnutls/gnutls.h>
#include "idevice.h"
+#include "userpref.h"
#include "debug.h"
static idevice_event_cb_t event_cb = NULL;
@@ -523,6 +524,40 @@ static void internal_ssl_cleanup(ssl_data_t ssl_data)
if (ssl_data->certificate) {
gnutls_certificate_free_credentials(ssl_data->certificate);
}
+ if (ssl_data->root_cert) {
+ gnutls_x509_crt_deinit(ssl_data->root_cert);
+ }
+ if (ssl_data->host_cert) {
+ gnutls_x509_crt_deinit(ssl_data->host_cert);
+ }
+ if (ssl_data->root_privkey) {
+ gnutls_x509_privkey_deinit(ssl_data->root_privkey);
+ }
+ if (ssl_data->host_privkey) {
+ gnutls_x509_privkey_deinit(ssl_data->host_privkey);
+ }
+}
+
+/**
+ * Internally used gnutls callback function that gets called during handshake.
+ */
+static int internal_cert_callback (gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st)
+{
+ int res = -1;
+ gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
+ if (type == GNUTLS_CRT_X509) {
+ ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr (session);
+ if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) {
+ debug_info("Passing certificate");
+ st->type = type;
+ st->ncerts = 1;
+ st->cert.x509 = &ssl_data->host_cert;
+ st->key.x509 = ssl_data->host_privkey;
+ st->deinit_all = 0;
+ res = 0;
+ }
+ }
+ return res;
}
/**
@@ -549,7 +584,7 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
errno = 0;
gnutls_global_init();
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
- gnutls_certificate_set_x509_trust_file(ssl_data_loc->certificate, "hostcert.pem", GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_client_set_retrieve_function (ssl_data_loc->certificate, internal_cert_callback);
gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
{
int protocol_priority[16] = { GNUTLS_SSL3, 0 };
@@ -564,7 +599,18 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
gnutls_protocol_set_priority(ssl_data_loc->session, protocol_priority);
gnutls_mac_set_priority(ssl_data_loc->session, mac_priority);
}
- gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); /* this part is killing me. */
+ gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+ gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);
+
+ gnutls_x509_crt_init(&ssl_data_loc->root_cert);
+ gnutls_x509_crt_init(&ssl_data_loc->host_cert);
+ gnutls_x509_privkey_init(&ssl_data_loc->root_privkey);
+ gnutls_x509_privkey_init(&ssl_data_loc->host_privkey);
+
+ userpref_error_t uerr = userpref_get_keys_and_certs(ssl_data_loc->root_privkey, ssl_data_loc->root_cert, ssl_data_loc->host_privkey, ssl_data_loc->host_cert);
+ if (uerr != USERPREF_E_SUCCESS) {
+ debug_info("Error %d when loading keys and certificates! %d", uerr);
+ }
debug_info("GnuTLS step 1...");
gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection);