From 8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Wed, 11 Jan 2023 03:59:10 +0100
Subject: idevice: Simplify TLS version selection code for older devices

Turns out that SSL_CTX_set_options does *not* clear options that
have been set before.
---
 src/idevice.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/idevice.c b/src/idevice.c
index 5930db9..a3c258f 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1190,15 +1190,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 	/* force use of TLSv1 for older devices */
 	if (connection->device->version < DEVICE_VERSION(10,0,0)) {
 #ifdef SSL_OP_NO_TLSv1_1
-		long opts = SSL_CTX_get_options(ssl_ctx);
-		opts |= SSL_OP_NO_TLSv1_1;
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
+#endif
 #ifdef SSL_OP_NO_TLSv1_2
-		opts |= SSL_OP_NO_TLSv1_2;
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
 #endif
 #ifdef SSL_OP_NO_TLSv1_3
-		opts |= SSL_OP_NO_TLSv1_3;
-#endif
-		SSL_CTX_set_options(ssl_ctx, opts);
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
 #endif
 	}
 #else
-- 
cgit v1.1-32-gdbae