Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice

[Nikias Bassen]

Hi,

that did the trick. The fix for libimobiledevice is in git master now.

Regards,
Nikias

On Sat, 27 Nov 2010 06:07:07 +0100
Nikos Mavrogiannopoulos <address@hidden> wrote:

> On 11/26/2010 09:39 PM, Nikias Bassen wrote:
> 
> >> No. They are functions for the one that wants to use certificate (it can be
> >> either server or client). The only distinction between server and
> >> client in gnutls
> >> is being done in gnutls_init(). Most of the other functions are applicable 
> >> to
> >> both unless they mention otherwise in the description.
> > I made dumps with OpenSSL (succeeding) and GnuTLS (failing) and found out 
> > that
> > the GnuTLS code fails because it can't find a certificate. It sends the
> > following packet to the device, instead of the certificate (like openssl 
> > does)
> 
> If you use gnutls_certificate_set_x509_key_file() then it will send a
> certificate to the server if the server requests a CA that matches the
> one in the certificate (you can check which one the server requested by
> viewing the transaction in wireshark).
> 
> An alternative way, which you can force to send a certificate even if
> the server didn't request one, is by using the certificate callback
> function. See example in:
> http://www.gnu.org/software/gnutls/manual/html_node/Using-a-callback-to-select-the-certificate-to-use.html#Using-a-callback-to-select-the-certificate-to-use
> 
> 
> regards,
> Nikos
>