summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2023-01-11 03:59:10 +0100
committerGravatar Nikias Bassen2023-01-11 03:59:10 +0100
commit8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d (patch)
tree807237d1ee65d377299bbdcd38541dad0493c49f
parent7a8e432e9b492bd3e800861f435d1bbe751076b0 (diff)
downloadlibimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.gz
libimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.bz2
idevice: Simplify TLS version selection code for older devices
Turns out that SSL_CTX_set_options does *not* clear options that have been set before.
-rw-r--r--src/idevice.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/idevice.c b/src/idevice.c
index 5930db9..a3c258f 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1190,15 +1190,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
/* force use of TLSv1 for older devices */
if (connection->device->version < DEVICE_VERSION(10,0,0)) {
#ifdef SSL_OP_NO_TLSv1_1
- long opts = SSL_CTX_get_options(ssl_ctx);
- opts |= SSL_OP_NO_TLSv1_1;
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
+#endif
#ifdef SSL_OP_NO_TLSv1_2
- opts |= SSL_OP_NO_TLSv1_2;
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
#endif
#ifdef SSL_OP_NO_TLSv1_3
- opts |= SSL_OP_NO_TLSv1_3;
-#endif
- SSL_CTX_set_options(ssl_ctx, opts);
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
#endif
}
#else