iDevice GnuTLS issue with iOS 4.2 - libimobiledevice

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 27 06:07:07 CET 2010


On 11/26/2010 09:39 PM, Nikias Bassen wrote:

>> No. They are functions for the one that wants to use a certificate (it can be
>> either server or client). The only distinction between server and client in
>> gnutls is being done in gnutls_init(). Most of the other functions are
>> applicable to both unless they mention otherwise in the description.
> I made dumps with OpenSSL (succeeding) and GnuTLS (failing) and found out that
> the GnuTLS code fails because it can't find a certificate. It sends the
> following packet to the device, instead of the certificate (like openssl does)

If you use gnutls_certificate_set_x509_key_file() then it will send a
certificate to the server if the server requests a CA that matches the
one in the certificate (you can check which one the server requested by
viewing the transaction in Wireshark).

An alternative way, with which you can force a certificate to be sent even
if the server didn't request one, is by using the certificate callback
function. See the example in:
http://www.gnu.org/software/gnutls/manual/html_node/Using-a-callback-to-select-the-certificate-to-use.html#Using-a-callback-to-select-the-certificate-to-use


regards,
Nikos
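
The check suggested above (which CA the server requested) can be run on a captured handshake. This added example, not from the original message or from GnuTLS, parses a CertificateRequest body and reports whether the client certificate's issuer is among the CA names the server listed. It assumes the TLS 1.0/1.1 message layout; `ca_requested` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { CA_MALFORMED = -1, CA_NOT_LISTED = 0, CA_LISTED = 1 };
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* body: CertificateRequest body (after the 4-byte handshake header), assumed
 * TLS 1.0/1.1 layout: certificate_types<1..255>, then a 16-bit-length list of
 * 16-bit-length DER DistinguishedNames. issuer: DER issuer Name of the client
 * certificate. n_cas (optional) receives the number of CA names listed. */
int ca_requested(const uint8_t *body, size_t len,
                 const uint8_t *issuer, size_t issuer_len, size_t *n_cas)
{
    size_t off, end, count = 0;
    int found = CA_NOT_LISTED;
    if (len < 1 || body[0] == 0 || (size_t)body[0] + 3 > len) return CA_MALFORMED;
    off = 1 + (size_t)body[0];              /* skip certificate_types */
    end = off + 2 + rd16(body + off);       /* where the CA list must end */
    off += 2;
    if (end != len) return CA_MALFORMED;    /* list must fill the body exactly */
    while (off < end) {
        size_t dn_len;
        if (end - off < 2) return CA_MALFORMED;
        dn_len = rd16(body + off);
        off += 2;
        if (dn_len == 0 || dn_len > end - off) return CA_MALFORMED;
        if (dn_len == issuer_len && memcmp(body + off, issuer, dn_len) == 0)
            found = CA_LISTED;              /* byte-exact match on the DER name */
        off += dn_len;
        count++;
    }
    if (n_cas) *n_cas = count;
    return found;
}

/* Constructed sample: 2 certificate types, 2 CA names (stand-in bytes, not real DNs). */
static const uint8_t SAMPLE_REQ[] = { 0x02, 0x01, 0x02, 0x00, 0x0d,
    0x00, 0x04, 0x30, 0x02, 0x31, 0x00,  0x00, 0x05, 0x30, 0x03, 0x31, 0x01, 0x00 };
static const uint8_t ISSUER_LISTED[] = { 0x30, 0x02, 0x31, 0x00 };
static const uint8_t ISSUER_OTHER[]  = { 0x30, 0x02, 0x31, 0x01 };
int main(void)
{
    size_t n = 0;
    int r = ca_requested(SAMPLE_REQ, sizeof SAMPLE_REQ, ISSUER_OTHER, sizeof ISSUER_OTHER, &n);
    printf("issuer listed: %d, CA names in request: %zu\n", r, n);
    return 0;
}
```

A `CA_NOT_LISTED` result for the certificate passed to gnutls_certificate_set_x509_key_file() corresponds to the case described in the message where no certificate is sent and the callback is the alternative.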