introduces optional `idevice_connection_disable_ssl` with ability not to send SSL shutdown message. As in debugserver this message will be considered as GDB server communication and break things

author: Demyan Kimitsa 2019-10-10 11:57:06 +0300
committer: Nikias Bassen 2020-02-20 01:58:42 +0100
commit: e52ef954be27fb5a4bf6f7e769c33851483d0e80 (patch)
tree: 8b13ae05bb5643bf54106cdab276141210c2b109 /src
parent: 56527f070cefbbddf392ba3897e3318fc2f2db9f (diff)
download: libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.gz
libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.bz2
3 files changed, 30 insertions, 15 deletions
diff --git a/src/debugserver.c b/src/debugserver.c
index 0b0d614..447a91e 100644
--- a/src/debugserver.c
+++ b/src/debugserver.c
@@ -78,7 +78,7 @@ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_new(idevice_t device
                debug_info("Creating base service client failed. Error: %i", ret);
                return ret;
        }
-        service_disable_ssl(parent);
+        service_disable_bypass_ssl(parent, 1);
        debugserver_client_t client_loc = (debugserver_client_t) malloc(sizeof(struct debugserver_client_private));
        client_loc->parent = parent;
diff --git a/src/idevice.c b/src/idevice.c
index 6b6a716..10d897f 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1036,6 +1036,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection)
 {
+        return idevice_connection_disable_bypass_ssl(connection, 0);
+}
+LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_bypass_ssl(idevice_connection_t connection, uint8_t sslBypass)
+{
        if (!connection)
                return IDEVICE_E_INVALID_ARG;
        if (!connection->ssl_data) {
@@ -1043,24 +1048,29 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_conn
                return IDEVICE_E_SUCCESS;
        }
+        // some services require plain text communication after SSL handshake
+        // sending out SSL_shutdown will cause bytes
+        if (!sslBypass) {
 #ifdef HAVE_OPENSSL
-        if (connection->ssl_data->session) {
+                if (connection->ssl_data->session) {
-                /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */
+                        /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */
-                if (SSL_shutdown(connection->ssl_data->session) == 0) {
+                        if (SSL_shutdown(connection->ssl_data->session) == 0) {
-                        /* Only try bidirectional shutdown if we know it can complete */
+                                /* Only try bidirectional shutdown if we know it can complete */
-                        int ssl_error;
+                                int ssl_error;
-                        if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) {
+                                if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) {
-                                SSL_shutdown(connection->ssl_data->session);
+                                        SSL_shutdown(connection->ssl_data->session);
-                        } else  {
+                                } else  {
-                                debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error);
+                                        debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error);
+                                }
                        }
                }
-        }
 #else
-        if (connection->ssl_data->session) {
+                if (connection->ssl_data->session) {
-                gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR);
+                        gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR);
-        }
+                }
 #endif
+        }
        internal_ssl_cleanup(connection->ssl_data);
        free(connection->ssl_data);
        connection->ssl_data = NULL;
diff --git a/src/service.c b/src/service.c
index 1b9838d..88132d2 100644
--- a/src/service.c
+++ b/src/service.c
@@ -188,8 +188,13 @@ LIBIMOBILEDEVICE_API service_error_t service_enable_ssl(service_client_t client)
 LIBIMOBILEDEVICE_API service_error_t service_disable_ssl(service_client_t client)
 {
+        return service_disable_bypass_ssl(client, 0);
+}
+LIBIMOBILEDEVICE_API service_error_t service_disable_bypass_ssl(service_client_t client, uint8_t sslBypass)
+{
        if (!client || !client->connection)
                return SERVICE_E_INVALID_ARG;
-        return idevice_to_service_error(idevice_connection_disable_ssl(client->connection));
+        return idevice_to_service_error(idevice_connection_disable_bypass_ssl(client->connection, sslBypass));
 }
author	Demyan Kimitsa	2019-10-10 11:57:06 +0300
committer	Nikias Bassen	2020-02-20 01:58:42 +0100
commit	e52ef954be27fb5a4bf6f7e769c33851483d0e80 (patch)
tree	8b13ae05bb5643bf54106cdab276141210c2b109 /src
parent	56527f070cefbbddf392ba3897e3318fc2f2db9f (diff)
download	libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.gz libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.bz2