Diffstat (limited to 'src/idevice.c')
| -rw-r--r-- | src/idevice.c | 31 |
1 files changed, 18 insertions, 13 deletions
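diff --git a/src/idevice.c b/src/idevice.c
index d01aa8f..c656517 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -511,7 +511,7 @@ static ssize_t internal_ssl_read(gnutls_transport_ptr_t transport, char *buffer,
 
 debug_info("pre-read client wants %zi bytes", length);
 
-recv_buffer = (char *) malloc(sizeof(char) * this_len);
+recv_buffer = (char *)malloc(sizeof(char) * this_len);
 
 /* repeat until we have the full data or an error occurs */
 do {
@@ -637,12 +637,12 @@ static const char *errorstring(int e)
 /**
 * Internally used gnutls callback function that gets called during handshake.
 */
-static int internal_cert_callback (gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st)
+static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st)
 {
 int res = -1;
-gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
+gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
 if (type == GNUTLS_CRT_X509) {
-ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr (session);
+ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr(session);
 if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) {
 debug_info("Passing certificate");
 st->type = type;
@@ -673,15 +673,20 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
 
 idevice_error_t ret = IDEVICE_E_SSL_ERROR;
 uint32_t return_me = 0;
+plist_t pair_record = NULL;
+
+userpref_read_pair_record(connection->udid, &pair_record);
+if (!pair_record) {
+debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid);
+return ret;
+}
 
 #ifdef HAVE_OPENSSL
 key_data_t root_cert = { NULL, 0 };
 key_data_t root_privkey = { NULL, 0 };
 
-userpref_error_t uerr = userpref_device_record_get_keys_and_certs(connection->udid, &root_privkey, &root_cert, NULL, NULL);
-if (uerr != USERPREF_E_SUCCESS) {
-debug_info("Error %d when loading keys and certificates! %d", uerr);
-}
+pair_record_import_key_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert);
+pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_privkey);
 
 /* Set up OpenSSL */
 if (openssl_init_done == 0) {
@@ -756,7 +761,7 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
 errno = 0;
 gnutls_global_init();
 gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
-gnutls_certificate_client_set_retrieve_function (ssl_data_loc->certificate, internal_cert_callback);
+gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
 gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
 gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
 gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
@@ -767,10 +772,10 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
 gnutls_x509_privkey_init(&ssl_data_loc->root_privkey);
 gnutls_x509_privkey_init(&ssl_data_loc->host_privkey);
 
-userpref_error_t uerr = userpref_device_record_get_keys_and_certs(connection->udid, ssl_data_loc->root_privkey, ssl_data_loc->root_cert, ssl_data_loc->host_privkey, ssl_data_loc->host_cert);
-if (uerr != USERPREF_E_SUCCESS) {
-debug_info("Error %d when loading keys and certificates! %d", uerr);
-}
+pair_record_import_key_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, ssl_data_loc->root_cert);
+pair_record_import_key_with_name(pair_record, USERPREF_HOST_CERTIFICATE_KEY, ssl_data_loc->host_cert);
+pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, ssl_data_loc->root_privkey);
+pair_record_import_key_with_name(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, ssl_data_loc->host_privkey);
 
 debug_info("GnuTLS step 1...");
 gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection);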
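Review bot: The return values of the `pair_record_import_key_with_name()` calls on new lines 688–689 (OpenSSL branch) and 775–778 (GnuTLS branch) are discarded, so a pair record that lacks a certificate or private key leaves `root_cert`/`root_privkey` at `{ NULL, 0 }` and session setup continues with missing credentials, whereas the replaced `userpref_device_record_get_keys_and_certs()` call at least logged its failure. Since these keys are what the host presents to the device during the handshake, a failed import should bail out with `ret` (already `IDEVICE_E_SSL_ERROR` at line 674), and that early return must also release `pair_record` — the hunks do not show where the function frees it, so whether the existing success path leaks it is worth checking as well. A smaller point on line 678: the status of `userpref_read_pair_record()` is ignored in favour of the `!pair_record` test, which holds only if the function guarantees a NULL output on every failure, so a comment such as `/* pair_record stays NULL on any failure, so the status is not needed */` would record that assumption. The body of idevice_connection_enable_ssl continues outside these hunks; the sketch below for the OpenSSL branch assumes the import function reports failure through userpref_error_t like the call it replaced — confirm against its definition, and apply the same pattern to the four GnuTLS calls.
```c
key_data_t root_cert = { NULL, 0 };
key_data_t root_privkey = { NULL, 0 };

/* NOTE(review): assumes pair_record_import_key_with_name() returns
 * USERPREF_E_SUCCESS on success like the call it replaced — confirm. */
if (pair_record_import_key_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert) != USERPREF_E_SUCCESS
    || pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_privkey) != USERPREF_E_SUCCESS) {
	debug_info("ERROR: Failed enabling SSL. Pair record for udid %s has no usable root certificate/key.", connection->udid);
	plist_free(pair_record);
	return ret;
}
/* … unchanged: OpenSSL setup … */
```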
