diff options
| author |  Nikias Bassen | 2023-01-11 03:59:10 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2023-01-11 03:59:10 +0100 |
| commit | 8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d (patch) | |
| tree | 807237d1ee65d377299bbdcd38541dad0493c49f | |
| parent | 7a8e432e9b492bd3e800861f435d1bbe751076b0 (diff) | |
| download | libimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.gz libimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.bz2 | |
idevice: Simplify TLS version selection code for older devices
Turns out that SSL_CTX_set_options does *not* clear options that
have been set before.
| -rw-r--r-- | src/idevice.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/idevice.c b/src/idevice.c index 5930db9..a3c258f 100644 --- a/src/idevice.c +++ b/src/idevice.c @@ -1190,15 +1190,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne /* force use of TLSv1 for older devices */ if (connection->device->version < DEVICE_VERSION(10,0,0)) { #ifdef SSL_OP_NO_TLSv1_1 - long opts = SSL_CTX_get_options(ssl_ctx); - opts |= SSL_OP_NO_TLSv1_1; + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); +#endif #ifdef SSL_OP_NO_TLSv1_2 - opts |= SSL_OP_NO_TLSv1_2; + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); #endif #ifdef SSL_OP_NO_TLSv1_3 - opts |= SSL_OP_NO_TLSv1_3; -#endif - SSL_CTX_set_options(ssl_ctx, opts); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); #endif } #else |