diff options
| author |  Nikias Bassen | 2023-01-11 03:59:10 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2023-01-11 03:59:10 +0100 |
| commit | 8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d (patch) | |
| tree | 807237d1ee65d377299bbdcd38541dad0493c49f | |
| parent | 7a8e432e9b492bd3e800861f435d1bbe751076b0 (diff) | |
| download | libimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.gz libimobiledevice-8455d43a321e47fd3ceeee6dbc1e0a8ac0561f6d.tar.bz2 | |
idevice: Simplify TLS version selection code for older devices
Turns out that SSL_CTX_set_options does *not* clear options that
have been set before.
| -rw-r--r-- | src/idevice.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/idevice.c b/src/idevice.c index 5930db9..a3c258f 100644 --- a/src/idevice.c +++ b/src/idevice.c | |||
| @@ -1190,15 +1190,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne | |||
| 1190 | /* force use of TLSv1 for older devices */ | 1190 | /* force use of TLSv1 for older devices */ |
| 1191 | if (connection->device->version < DEVICE_VERSION(10,0,0)) { | 1191 | if (connection->device->version < DEVICE_VERSION(10,0,0)) { |
| 1192 | #ifdef SSL_OP_NO_TLSv1_1 | 1192 | #ifdef SSL_OP_NO_TLSv1_1 |
| 1193 | long opts = SSL_CTX_get_options(ssl_ctx); | 1193 | SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); |
| 1194 | opts |= SSL_OP_NO_TLSv1_1; | 1194 | #endif |
| 1195 | #ifdef SSL_OP_NO_TLSv1_2 | 1195 | #ifdef SSL_OP_NO_TLSv1_2 |
| 1196 | opts |= SSL_OP_NO_TLSv1_2; | 1196 | SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); |
| 1197 | #endif | 1197 | #endif |
| 1198 | #ifdef SSL_OP_NO_TLSv1_3 | 1198 | #ifdef SSL_OP_NO_TLSv1_3 |
| 1199 | opts |= SSL_OP_NO_TLSv1_3; | 1199 | SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); |
| 1200 | #endif | ||
| 1201 | SSL_CTX_set_options(ssl_ctx, opts); | ||
| 1202 | #endif | 1200 | #endif |
| 1203 | } | 1201 | } |
| 1204 | #else | 1202 | #else |