author | Demyan Kimitsa | 2019-10-10 11:57:06 +0300 |
---|---|---|
committer | Nikias Bassen | 2020-02-20 01:58:42 +0100 |
commit | e52ef954be27fb5a4bf6f7e769c33851483d0e80 (patch) | |
tree | 8b13ae05bb5643bf54106cdab276141210c2b109 | |
parent | 56527f070cefbbddf392ba3897e3318fc2f2db9f (diff) | |
download | libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.gz libimobiledevice-e52ef954be27fb5a4bf6f7e769c33851483d0e80.tar.bz2 |
Introduces an optional `idevice_connection_disable_ssl` with the ability not to send the SSL shutdown message, because in debugserver this message would be treated as GDB server communication and break things.
-rw-r--r-- | include/libimobiledevice/libimobiledevice.h | 14 | ||||
-rw-r--r-- | include/libimobiledevice/service.h | 11 | ||||
-rw-r--r-- | src/debugserver.c | 2 | ||||
-rw-r--r-- | src/idevice.c | 36 | ||||
-rw-r--r-- | src/service.c | 7 |
5 files changed, 55 insertions, 15 deletions
diff --git a/include/libimobiledevice/libimobiledevice.h b/include/libimobiledevice/libimobiledevice.h
index 8bf022a..e0aa518 100644
--- a/include/libimobiledevice/libimobiledevice.h
+++ b/include/libimobiledevice/libimobiledevice.h
@@ -311,6 +311,20 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection);
 idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection);
 /**
+ * Disable bypass SSL for the given connection without sending out terminate messages.
+ *
+ * @param connection The connection to disable SSL for.
+ * @param sslBypass if true ssl connection will not be terminated but just cleaned up, allowing
+ * plain text data going on underlying connection
+ *
+ * @return IDEVICE_E_SUCCESS on success, IDEVICE_E_INVALID_ARG when connection
+ * is NULL. This function also returns IDEVICE_E_SUCCESS when SSL is not
+ * enabled and does no further error checking on cleanup.
+ */
+idevice_error_t idevice_connection_disable_bypass_ssl(idevice_connection_t connection, uint8_t sslBypass);
+
+
+/**
 * Get the underlying file descriptor for a connection
 *
 * @param connection The connection to get fd of
diff --git a/include/libimobiledevice/service.h b/include/libimobiledevice/service.h
index 84c5092..13d0e15 100644
--- a/include/libimobiledevice/service.h
+++ b/include/libimobiledevice/service.h
@@ -168,6 +168,17 @@ service_error_t service_enable_ssl(service_client_t client);
 */
 service_error_t service_disable_ssl(service_client_t client);
+/**
+ * Disable SSL for the given service client without sending SSL terminate messages.
+ *
+ * @param client The connected service client for that SSL should be disabled.
+ *
+ * @return SERVICE_E_SUCCESS on success,
+ * SERVICE_E_INVALID_ARG if client or client->connection is
+ * NULL, or SERVICE_E_UNKNOWN_ERROR otherwise.
+ */
+service_error_t service_disable_bypass_ssl(service_client_t client, uint8_t sslBypass);
+
 #ifdef __cplusplus
 }
 #endif
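Review bot: The doc comment for `idevice_connection_disable_bypass_ssl` in libimobiledevice.h states unconditionally that no terminate messages are sent, while its own `@param sslBypass` text makes that depend on the flag; the comment for `service_disable_bypass_ssl` in service.h has the same problem and omits `@param sslBypass` entirely. Both should spell out the contract: with a non-zero `sslBypass` the SSL session is torn down locally, no shutdown message reaches the peer, and data written afterwards goes over the underlying connection in plain text, so the flag is meant only for services defined to continue unencrypted after the handshake. I would reword the summary line to `Disable SSL for the given connection, optionally without sending the SSL shutdown message.` and add `* @param sslBypass If non-zero, SSL is cleaned up locally without sending a shutdown message to the peer.` to the service.h comment.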
diff --git a/src/debugserver.c b/src/debugserver.c
index 0b0d614..447a91e 100644
--- a/src/debugserver.c
+++ b/src/debugserver.c
@@ -78,7 +78,7 @@ LIBIMOBILEDEVICE_API debugserver_error_t debugserver_client_new(idevice_t device
 debug_info("Creating base service client failed. Error: %i", ret);
 return ret;
 }
- service_disable_ssl(parent);
+ service_disable_bypass_ssl(parent, 1);
 debugserver_client_t client_loc = (debugserver_client_t) malloc(sizeof(struct debugserver_client_private));
 client_loc->parent = parent;
diff --git a/src/idevice.c b/src/idevice.c
index 6b6a716..10d897f 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1036,6 +1036,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection)
 {
+ return idevice_connection_disable_bypass_ssl(connection, 0);
+}
+
+LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_bypass_ssl(idevice_connection_t connection, uint8_t sslBypass)
+{
 if (!connection)
 return IDEVICE_E_INVALID_ARG;
 if (!connection->ssl_data) {
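Review bot: The call `service_disable_bypass_ssl(parent, 1);` in debugserver_client_new (src/debugserver.c) deliberately leaves the connection in plain text without an SSL shutdown, but nothing at the call site records that and the bare `1` does not explain itself. A comment such as `/* debugserver talks plain text after the handshake; skip the SSL shutdown message so it is not read as GDB protocol data */` would document why this one service opts out of a clean shutdown. The result of the call is also discarded, as it was for the old `service_disable_ssl(parent)`; logging a non-success value with `debug_info` would make a failed switch visible. The function body continues outside the hunk.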
@@ -1043,24 +1048,29 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_disable_ssl(idevice_conn
 return IDEVICE_E_SUCCESS;
 }
+ // some services require plain text communication after SSL handshake
+ // sending out SSL_shutdown will cause bytes
+ if (!sslBypass) {
 #ifdef HAVE_OPENSSL
- if (connection->ssl_data->session) {
- /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */
- if (SSL_shutdown(connection->ssl_data->session) == 0) {
- /* Only try bidirectional shutdown if we know it can complete */
- int ssl_error;
- if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) {
- SSL_shutdown(connection->ssl_data->session);
- } else {
- debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error);
+ if (connection->ssl_data->session) {
+ /* see: https://www.openssl.org/docs/ssl/SSL_shutdown.html#RETURN_VALUES */
+ if (SSL_shutdown(connection->ssl_data->session) == 0) {
+ /* Only try bidirectional shutdown if we know it can complete */
+ int ssl_error;
+ if ((ssl_error = SSL_get_error(connection->ssl_data->session, 0)) == SSL_ERROR_NONE) {
+ SSL_shutdown(connection->ssl_data->session);
+ } else {
+ debug_info("Skipping bidirectional SSL shutdown. SSL error code: %i\n", ssl_error);
+ }
 }
 }
- }
 #else
- if (connection->ssl_data->session) {
- gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR);
- }
+ if (connection->ssl_data->session) {
+ gnutls_bye(connection->ssl_data->session, GNUTLS_SHUT_RDWR);
+ }
 #endif
+ }
+
 internal_ssl_cleanup(connection->ssl_data);
 free(connection->ssl_data);
 connection->ssl_data = NULL;
diff --git a/src/service.c b/src/service.c
index 1b9838d..88132d2 100644
--- a/src/service.c
+++ b/src/service.c
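Review bot: In src/idevice.c the new comment above `if (!sslBypass)` breaks off mid-sentence ("sending out SSL_shutdown will cause bytes"), so the reason for skipping the shutdown is never actually recorded. Something like `/* Some services continue in plain text after the SSL handshake; the shutdown message would reach the peer as service data, so skip it when sslBypass is set. */` would complete it, and it should mention the GnuTLS branch too, since `gnutls_bye` is skipped by the same condition. In bypass mode the session goes straight to `internal_ssl_cleanup`, so anything still buffered in the SSL session is presumably dropped and the peer gets no signal that encryption has ended; stating that in the comment would help keep the flag restricted to services designed for it. The function begins and ends outside this hunk.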
@@ -188,8 +188,13 @@ LIBIMOBILEDEVICE_API service_error_t service_enable_ssl(service_client_t client)
 LIBIMOBILEDEVICE_API service_error_t service_disable_ssl(service_client_t client)
 {
+ return service_disable_bypass_ssl(client, 0);
+}
+
+LIBIMOBILEDEVICE_API service_error_t service_disable_bypass_ssl(service_client_t client, uint8_t sslBypass)
+{
 if (!client || !client->connection) return SERVICE_E_INVALID_ARG;
- return idevice_to_service_error(idevice_connection_disable_ssl(client->connection));
+ return idevice_to_service_error(idevice_connection_disable_bypass_ssl(client->connection, sslBypass));
 } |