Diffstat (limited to 'lockdown.c')
-rw-r--r--lockdown.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/lockdown.c b/lockdown.c
index 5ca6001..45b4245 100644
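--- a/lockdown.c
+++ b/lockdown.c
@@ -149,15 +149,16 @@ int lockdownd_start_SSL_session(lockdownd_client *control, const char *HostID) {
  for (i = 0; strcmp(dictionary[i], ""); i+=2) {
  if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i+1], "Success")) {
  // Set up GnuTLS...
+ //gnutls_anon_client_credentials_t anoncred;
  gnutls_certificate_credentials_t xcred;
-
  if (debug) printf("We started the session OK, now trying GnuTLS\n");
  errno = 0;
  gnutls_global_init();
+ //gnutls_anon_allocate_client_credentials(&anoncred);
  gnutls_certificate_allocate_credentials(&xcred);
  gnutls_certificate_set_x509_trust_file(xcred, "hostcert.pem", GNUTLS_X509_FMT_PEM);
  gnutls_init(control->ssl_session, GNUTLS_CLIENT);
- if ((return_me = gnutls_priority_set_direct(*control->ssl_session, "NORMAL:+VERS-SSL3.0", NULL)) < 0) {
+ if ((return_me = gnutls_priority_set_direct(*control->ssl_session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+SHA256:+SHA512:+MD5:+COMP-NULL", NULL)) < 0) {
  printf("oops? bad options?\n");
  gnutls_perror(return_me);
  return 0;
@@ -214,6 +215,14 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
  if (debug) printf("pre-send\nlength = %i\n", length);
  bytes = mux_send(control->iphone, control->connection, buffer, length);
  if (debug) printf("post-send\nsent %i bytes\n", bytes);
+ if (debug) {
+ FILE *my_ssl_packet = fopen("sslpacketwrite.out", "w+");
+ fwrite(buffer, 1, length, my_ssl_packet);
+ fflush(my_ssl_packet);
+ printf("Wrote SSL packet to drive, too.\n");
+ fclose(my_ssl_packet);
+ }
+
  return bytes;
 }
 
@@ -251,11 +260,16 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_
  }
  }
  // End buffering hack!
- char *recv_buffer = (char*)malloc(sizeof(char) * (length * 400)); // ensuring nothing stupid happens
+ char *recv_buffer = (char*)malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens
 
  if (debug) printf("pre-read\nclient wants %i bytes\n", length);
- bytes = mux_recv(control->iphone, control->connection, recv_buffer, (length * 400));
+ bytes = mux_recv(control->iphone, control->connection, recv_buffer, (length * 1000));
  if (debug) printf("post-read\nwe got %i bytes\n", bytes);
+ if (debug && bytes < 0) {
+ printf("lockdownd_securead(): uh oh\n");
+ printf("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", usb_strerror(), strerror(errno));
+ return bytes + 28; // an errno
+ }
  if (bytes >= length) {
  if (bytes > length) {
  if (debug) printf("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");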
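Review bot: The new error branch in lockdownd_securead is taken only when `debug` is set and returns `bytes + 28`, which for a small negative `bytes` is a positive count, so the caller (GnuTLS, if this is its pull callback as the signature suggests) would treat that many bytes of `buffer` as received data although nothing was copied into it in the visible lines. The branch also returns without freeing `recv_buffer`, which is now `length * 1000` bytes per call, and neither the `malloc` result nor that multiplication is checked. I would make the guard unconditional, `if (bytes < 0) {`, keep the two prints behind `if (debug)`, and end the branch with `free(recv_buffer); return -1;`. The function begins and ends outside this hunk, so what a negative `bytes` does when `debug` is off cannot be seen here. Separately, the priority string in the first hunk now lists `+ANON-DH` and `+MD5`; anonymous key exchange does not authenticate the peer, so it should either carry a comment saying why it is needed or be dropped.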