authorGravatar Nikias Bassen2023-01-11 04:00:51 +0100
committerGravatar Nikias Bassen2023-01-11 04:00:51 +0100
commita15a31611d61379297ec45c2a5d34ab57dfb958d (patch)
tree1cdfaaf4f0d8c43eed0b33aa22db4621e9ac74f2
parent8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d (diff)
idevice: Fix connections to <= iOS 5 devices with OpenSSL 3
Thanks @tihmstar for pointing this out.
-rw-r--r--src/idevice.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/idevice.c b/src/idevice.c
index a3c258f..12d9bb3 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1205,7 +1205,8 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
}
#endif
-#if (OPENSSL_VERSION_MAJOR >= 3) && defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+#if (OPENSSL_VERSION_MAJOR >= 3)
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
/*
* For OpenSSL 3 and later, mark close_notify alerts as optional.
* For prior versions of OpenSSL we check for SSL_ERROR_SYSCALL when
@@ -1213,6 +1214,14 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
*/
SSL_CTX_set_options(ssl_ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
#endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+ /*
+ * Without setting SSL_OP_LEGACY_SERVER_CONNECT, OpenSSL 3 fails with
+ * error "unsafe legacy renegotiation disabled" when talking to iOS 5
+ */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif
+#endif
BIO* membp;
X509* rootCert = NULL;
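Review bot: `SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT)` is applied to every connection built against OpenSSL 3, not only to the iOS 5 and older devices the comment names. The option lets the client complete a handshake with a peer that does not support RFC 5746 secure renegotiation, so newer devices that do support it lose the stricter OpenSSL 3 default as well. The closing brace after `SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);` suggests an existing conditional; if that condition is keyed on the device version (it starts outside the hunk, so this is inferred), the legacy option could be set under a similar check. At minimum the comment should record the trade-off, e.g. `/* Relaxes the RFC 5746 secure-renegotiation requirement for all peers; only needed for iOS <= 5. */`. The now-nested guards would also read more easily with the outer one labelled: `#endif /* OPENSSL_VERSION_MAJOR >= 3 */`.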