#39 ✓resolved
Martin S.

properly detect gnutls errors

Reported by Martin S. | April 22nd, 2009 @ 06:38 PM | in 1.0 Release

After some dumping it still appears that there are some details in the usbmux communication which are not working correctly.

For instance try to send this plist to lockdown:


While it returns a big plist file to iTunes, it fails with libiphone somewhere after receiving the SSL data.

Comments and changes to this ticket

  • Nikias Bassen

    Nikias Bassen April 22nd, 2009 @ 11:03 PM

    Strange thing.... this is what I receive when I send the above plist:

    client wants 5 bytes
    iphone_mux_recv_timeout: received 5 bytes
    0000: 15 03 00 00 20                                    | .... 
    we got 5 bytes
    lockdownd_securead() called
    length = 32
    client wants 32 bytes
    iphone_mux_recv_timeout: received 32 bytes
    0000: b3 a1 48 71 0f 95 cd a7 7f 57 d7 ce 7c c2 22 70   | ..Hq....W..|."p
    0010: 0e fd 16 8d 84 ee 27 28 57 1a 0c 19 20 5b 14 f6   | ......'(W... [..
    we got 32 bytes

    AFAIK the packet type 0x15 (21) denotes some kind of encryption error ("Encrypted Alert")

  • Martin S.

    Martin S. April 23rd, 2009 @ 04:46 PM

    • Tag changed from libiphone, lockdown, ssl, usbmux to gnutls, libiphone, lockdown, ssl, usbmux

    Looking at the dumps again I found out that this plist is actually not send to lockdown but to mobile_installation_proxy, that explains why this fails here (but probably works for mobile_installation_proxy).

    Feel free to close the ticket unless we should detect such type of packet or gnutls error.

  • Nikias Bassen

    Nikias Bassen April 23rd, 2009 @ 08:30 PM

    • Title changed from “Problem receiving secure data in special cases” to “properly detect gnutls errors”

    Well ok ;) that explains why this is a problem.

    However, I think the lockdown implementation needs a way to determine that there's something wrong with SSL as any following operations using SSL will also fail when an 'encrypted alert' occurs. Would be better if ssl-dependent operations (such as start service) could check if the current session is invalid, and then do not try to send any encrypted data at all but return a proper error code.

  • Nikias Bassen

    Nikias Bassen May 19th, 2009 @ 10:47 AM

    • State changed from “new” to “open”

    Here's a patch that makes lockdown check for gnutls errors and let it return IPHONE_E_SSL_ERROR. This should solve problems like the one described above.

    The patch also supresses compiler warnings and removes some commented-out *_mux functions I forgot to remove.

  • Nikias Bassen

    Nikias Bassen May 19th, 2009 @ 10:49 AM

    • Milestone set to 1.0 Release
  • Matt Colyer

    Matt Colyer May 19th, 2009 @ 02:29 PM

    • State changed from “open” to “resolved”

    (from [34b8e4d575876ace41b91fb6e25a5fa9f9290608]) lockdown: Check for gnutls errors and silence compiler warnings. general: Removed some commented-out code.

    [#39 state:resolved]

    Signed-off-by: Matt Colyer matt@colyer.name

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

A project around supporting the iPhone in Linux.

See http://libimobiledevice.org

People watching this ticket


Referenced by