iDevice GnuTLS issue with iOS 4.2 - libimobiledevice

Nikias Bassen nikias at
Sat Nov 27 15:20:28 CET 2010


that did the trick. The fix for libimobiledevice is in git master now.


On Sat, 27 Nov 2010 06:07:07 +0100
Nikos Mavrogiannopoulos <nmav at> wrote:

> On 11/26/2010 09:39 PM, Nikias Bassen wrote:
> >> No. They are functions for the one that wants to use certificate (it can be
> >> either server or client). The only distinction between server and
> >> client in gnutls
> >> is being done in gnutls_init(). Most of the other functions are applicable to
> >> both unless they mention otherwise in the description.
> > I made dumps with OpenSSL (succeeding) and GnuTLS (failing) and found out that
> > the GnuTLS code fails because it can't find a certificate. It sends the
> > following packet to the device, instead of the certificate (like openssl does)
> If you use gnutls_certificate_set_x509_key_file() then it will send a
> certificate to the server if the server requests a CA that matches the
> one in the certificate (you can check which one the server requested by
> viewing the transaction in wireshark).
> An alternative way, which you can force to send a certificate even if
> the server didn't request one, is by using the certificate callback
> function. See example in:
> regards,
> Nikos

More information about the Gnutls-devel mailing list