-rw-r--r--include/libimobiledevice/libimobiledevice.h14
-rw-r--r--include/libimobiledevice/service.h11
-rw-r--r--src/debugserver.c2
-rw-r--r--src/idevice.c36
-rw-r--r--src/service.c7
5 files changed, 55 insertions, 15 deletions
diff --git a/include/libimobiledevice/libimobiledevice.h b/include/libimobiledevice/libimobiledevice.h
index 8bf022a..e0aa518 100644
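--- a/include/libimobiledevice/libimobiledevice.h
+++ b/include/libimobiledevice/libimobiledevice.h
@@ -311,6 +311,20 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection);
 idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection);
 
 /**
+ * Disable bypass SSL for the given connection without sending out terminate messages.
+ *
+ * @param connection The connection to disable SSL for.
+ * @param sslBypass if true ssl connection will not be terminated but just cleaned up, allowing
+ * plain text data going on underlying connection
+ *
+ * @return IDEVICE_E_SUCCESS on success, IDEVICE_E_INVALID_ARG when connection
+ * is NULL. This function also returns IDEVICE_E_SUCCESS when SSL is not
+ * enabled and does no further error checking on cleanup.
+ */
+idevice_error_t idevice_connection_disable_bypass_ssl(idevice_connection_t connection, uint8_t sslBypass);
+
+
+/**
  * Get the underlying file descriptor for a connection
  *
  * @param connection The connection to get fd of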
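Review bot: The doc comment added for `idevice_connection_disable_bypass_ssl` does not say what state the connection is left in: going by the `sslBypass` description, everything sent or received afterwards is plaintext, with no encryption or peer authentication. I would state that outright, e.g. `After this call all traffic on the connection is unencrypted; callers must not send secrets over it.` The summary ("Disable bypass SSL ... without sending out terminate messages") also reads as if the shutdown is always skipped, whereas the parameter text says it is skipped only when `sslBypass` is true; `Disable SSL for the given connection, optionally skipping the SSL shutdown exchange.` would be clearer. `sslBypass` is the only camelCase parameter in the visible declarations, so `ssl_bypass` would match `connection`.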
diff --git a/include/libimobiledevice/service.h b/include/libimobiledevice/service.h
index 84c5092..13d0e15 100644
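--- a/include/libimobiledevice/service.h
+++ b/include/libimobiledevice/service.h
@@ -168,6 +168,17 @@ service_error_t service_enable_ssl(service_client_t client);
  */
 service_error_t service_disable_ssl(service_client_t client);
 
+/**
+ * Disable SSL for the given service client without sending SSL terminate messages.
+ *
+ * @param client The connected service client for that SSL should be disabled.
+ *
+ * @return SERVICE_E_SUCCESS on success,
+ * SERVICE_E_INVALID_ARG if client or client->connection is
+ * NULL, or SERVICE_E_UNKNOWN_ERROR otherwise.
+ */
+service_error_t service_disable_bypass_ssl(service_client_t client, uint8_t sslBypass);
+
 #ifdef __cplusplus
 }
 #endif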
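Review bot: The doc comment added for `service_disable_bypass_ssl` has no `@param` entry for `sslBypass`, and its summary says the terminate messages are never sent. Judging by the other files in this commit, passing 0 makes it behave like `service_disable_ssl`, so the parameter is what decides that. I would add `@param sslBypass If non-zero, skip the SSL shutdown exchange and only clean up local SSL state; the connection carries plaintext afterwards.` and change the summary to "optionally without sending SSL terminate messages".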
diff --git a/src/debugserver.c b/src/debugserver.c
index 0b0d614..447a91e 100644
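--- a/src/debugserver.c
+++ b/src/debugserver.c
@@ -78,7 +78,7 @@ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_new(idevice_t device
  debug_info("Creating base service client failed. Error: %i", ret);
  return ret;
  }
- service_disable_ssl(parent);
+ service_disable_bypass_ssl(parent, 1);
 
  debugserver_client_t client_loc = (debugserver_client_t) malloc(sizeof(struct debugserver_client_private));
  client_loc->parent = parent;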
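Review bot: The bare `1` in `service_disable_bypass_ssl(parent, 1);` gives no hint that the debugserver channel is deliberately dropped to plaintext without an SSL shutdown. A short comment above the call would help, e.g. `/* debugserver expects plaintext after the SSL handshake; skip the SSL shutdown so no alert bytes enter the stream */`, assuming that is the reason for the change. The return value is still ignored, as it was with `service_disable_ssl`; if that is intentional, a `(void)` cast would say so. `debugserver_client_new` begins and ends outside this hunk.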
diff --git a/src/idevice.c b/src/idevice.c
index 6b6a716..10d897f 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1036,6 +1036,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
1036 1036
1037LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection) 1037LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection)
1038{ 1038{
1039 return idevice_connection_disable_bypass_ssl(connection, 0);
1040}
1041
1042LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_bypass_ssl(idevice_connection_t connection, uint8_t sslBypass)
1043{
1039 if (!connection) 1044 if (!connection)
1040 return IDEVICE_E_INVALID_ARG; 1045 return IDEVICE_E_INVALID_ARG;
1041 if (!connection->ssl_data) { 1046 if (!connection->ssl_data) {
@@ -1043,24 +1048,29 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_conn
1043 return IDEVICE_E_SUCCESS; 1048 return IDEVICE_E_SUCCESS;
1044 } 1049 }
1045 1050
1051 // some services require plain text communication after SSL handshake
1052 // sending out SSL_shutdown will cause bytes
1053 if (!sslBypass) {
1046#ifdef HAVE_OPENSSL 1054#ifdef HAVE_OPENSSL
1047 if (connection->ssl_data->session) { 1055 if (connection->ssl_data->session) {
1048 /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */ 1056 /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */
1049 if (SSL_shutdown(connection->ssl_data->session) == 0) { 1057 if (SSL_shutdown(connection->ssl_data->session) == 0) {
1050 /* Only try bidirectional shutdown if we know it can complete */ 1058 /* Only try bidirectional shutdown if we know it can complete */
1051 int ssl_error; 1059 int ssl_error;
1052 if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) { 1060 if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) {
1053 SSL_shutdown(connection->ssl_data->session); 1061 SSL_shutdown(connection->ssl_data->session);
1054 } else { 1062 } else {
1055 debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error); 1063 debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error);
1064 }
1056 } 1065 }
1057 } 1066 }
1058 }
1059#else 1067#else
1060 if (connection->ssl_data->session) { 1068 if (connection->ssl_data->session) {
1061 gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR); 1069 gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR);
1062 } 1070 }
1063#endif 1071#endif
1072 }
1073
1064 internal_ssl_cleanup(connection->ssl_data); 1074 internal_ssl_cleanup(connection->ssl_data);
1065 free(connection->ssl_data); 1075 free(connection->ssl_data);
1066 connection->ssl_data = NULL; 1076 connection->ssl_data = NULL;
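Review bot: The comment added above `if (!sslBypass) {` stops mid-sentence ("sending out SSL_shutdown will cause bytes") and leaves out the consequence a caller needs to know. Something like `/* some services expect plaintext right after the SSL handshake; SSL_shutdown()/gnutls_bye() would write a close alert that the peer reads as payload */` would complete it, if that is the failure the author saw. With `sslBypass` set the function goes straight to `internal_ssl_cleanup`, so the switch from SSL to plaintext leaves no trace; an `else { debug_info("SSL bypass: shutdown skipped, connection continues in plaintext\n"); }` on that branch would make the downgrade visible in debug logs. Any data the SSL layer has already buffered is presumably discarded by the cleanup, which is worth confirming for services that send early. The function body continues past the end of the second hunk.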
diff --git a/src/service.c b/src/service.c
index 1b9838d..88132d2 100644
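--- a/src/service.c
+++ b/src/service.c
@@ -188,8 +188,13 @@ LIBIMOBILEDEVICE_API service_error_t service_enable_ssl(service_client_t client)
 
 LIBIMOBILEDEVICE_API service_error_t service_disable_ssl(service_client_t client)
 {
+ return service_disable_bypass_ssl(client, 0);
+}
+
+LIBIMOBILEDEVICE_API service_error_t service_disable_bypass_ssl(service_client_t client, uint8_t sslBypass)
+{
  if (!client || !client->connection)
  return SERVICE_E_INVALID_ARG;
- return idevice_to_service_error(idevice_connection_disable_ssl(client->connection));
+ return idevice_to_service_error(idevice_connection_disable_bypass_ssl(client->connection, sslBypass));
 }
 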