[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice
From: |
Nikias Bassen |
Subject: |
Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice |
Date: |
Wed, 24 Nov 2010 06:25:20 +0100 |
Hi,
we found out that the certificate checking is more strict now as it seems. I
have the following question. Using openssl, we do the following:
if (SSL_CTX_use_certificate_file(ssl_ctx,
"/path/to/certificate.pem",
SSL_FILETYPE_PEM) != 1) {
debug_info("WARNING: Could not load RootCertificate");
}
if (SSL_CTX_use_RSAPrivateKey_file(ssl_ctx,
"/path/to/privatekey.pem",
SSL_FILETYPE_PEM) != 1) {
debug_info("WARNING: Could not load RootPrivateKey");
}
What is the equivalent to this when using gnutls?
Thanks
Nikias
On Tue, 23 Nov 2010 10:08:20 +0100
Nikos Mavrogiannopoulos <address@hidden> wrote:
> I'd suggest that you use the priority_set_direct() function. Check the
> examples
> in the gnutls documentation for details. Does gnutls-cli work on the server
> you
> are connecting? What is the output of gnutls-cli-debug?
>
> regards,
> Nikos
>
> On Mon, Nov 22, 2010 at 12:17 AM, Nikias Bassen <address@hidden> wrote:
> > Hi,
> >
> > I'm a leading developer of libimobiledevice (http://libimobiledevice.org/)
> > and
> > we are facing a GnuTLS issue. The lockdown protocol is initializing an SSLv3
> > session and since iOS 4.2 the handshake fails when using GnuTLS. Further
> > investigation showed that the error is GNUTLS_E_FATAL_ALERT_RECEIVED -12,
> > Error: Could not negotiate a supported cipher suite.
> > However, I replaced the appropiate ssl code using OpenSSL and got it
> > working.
> > Debugging output showed that the cipher is AES256-SHA, but surprisingly this
> > is the same cipher that we have with pre-4.2 devices using GnuTLS.
> >
> > We have no clue what might be wrong here as it has been working since 4.2b
> > arrived, so I'd like to ask if anyone here might be able to help us
> > investigating this issue? Tell me what info you need and I'll get it for
> > you.
> >
> > The device is the server and libimobiledevice code the client side of the
> > communication.
> >
> > Our code is here: http://cgit.sukimashita.com/libimobiledevice.git/
> > The SSL code is in src/idevice.c, the handshake is implemented in
> > idevice_connection_enable_ssl(). If you have questions about the code just
> > ask. You can reach us in #libimobiledevice on FreeNode too.
> >
> > Regards,
> > Nikias
> >
> > _______________________________________________
> > Gnutls-devel mailing list
> > address@hidden
> > http://lists.gnu.org/mailman/listinfo/gnutls-devel
> >
>
- iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikias Bassen, 2010/11/21
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/23
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Jeffrey Walton, 2010/11/23
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/23
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Jeffrey Walton, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Jeffrey Walton, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/24
Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice,
Nikias Bassen <=
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikias Bassen, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/24
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikias Bassen, 2010/11/26
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikos Mavrogiannopoulos, 2010/11/27
- Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, Nikias Bassen, 2010/11/27
Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice, almogbh, 2010/11/25