idevice: Fix connections to <= iOS 5 devices with OpenSSL 3

Thanks @tihmstar for pointing this out.

1 files changed, 10 insertions, 1 deletions

diff --git a/src/idevice.c b/src/idevice.c
index a3c258f..12d9bb3 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1205,7 +1205,8 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 		SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
 	}
 #endif
-#if (OPENSSL_VERSION_MAJOR >= 3) && defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+#if (OPENSSL_VERSION_MAJOR >= 3)
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
 	/*
 	 * For OpenSSL 3 and later, mark close_notify alerts as optional.
 	 * For prior versions of OpenSSL we check for SSL_ERROR_SYSCALL when
@@ -1213,6 +1214,14 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 	 */
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
 #endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+	/*
+	 * Without setting SSL_OP_LEGACY_SERVER_CONNECT, OpenSSL 3 fails with
+	 * error "unsafe legacy renegotiation disabled" when talking to iOS 5
+	 */
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif
+#endif
 
 	BIO* membp;
 	X509* rootCert = NULL;