author | Nikias Bassen | 2019-09-05 19:50:24 +0200 |
---|---|---|
committer | Nikias Bassen | 2019-09-05 19:50:24 +0200 |
commit | a9e69b1252e5918b6d8ada1209ccefde301cfa26 (patch) | |
tree | 2428ae909f123e48dac2afead248089ae1c531fd /src/idevice.c | |
parent | 6d5a3d6a35a8610f83d6a69156cfe1b64da4f2bd (diff) | |
idevice: Fix handling SSL/TLS version selection for OpenSSL 1.1.0+ and for older devices
Diffstat (limited to 'src/idevice.c')
-rw-r--r-- | src/idevice.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/src/idevice.c b/src/idevice.c index 382e9d2..fd1f4b5 100644 --- a/src/idevice.c +++ b/src/idevice.c @@ -320,7 +320,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connect(idevice_t device, uint16_t new_connection->type = CONNECTION_USBMUXD; new_connection->data = (void*)(long)sfd; new_connection->ssl_data = NULL; - idevice_get_udid(device, &new_connection->udid); + new_connection->device = device; *connection = new_connection; return IDEVICE_E_SUCCESS; } else { @@ -348,9 +348,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_disconnect(idevice_connection_t con debug_info("Unknown connection type %d", connection->type); } - if (connection->udid) - free(connection->udid); - free(connection); connection = NULL; @@ -759,9 +756,9 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne #endif plist_t pair_record = NULL; - userpref_read_pair_record(connection->udid, &pair_record); + userpref_read_pair_record(connection->device->udid, &pair_record); if (!pair_record) { - debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid); + debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->device->udid); return ret; } 
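Review bot: `new_connection->device = device;` in idevice_connect stores a borrowed pointer where the connection previously owned its own copy of the UDID (the copy that idevice_disconnect used to free), so a connection is now only safe to use while the caller keeps the idevice_t alive. Nothing in these hunks takes a reference or documents that ordering, and the third hunk reads `connection->device->udid` in idevice_connection_enable_ssl without checking either pointer; if a caller frees the device before the connection, that read is a use-after-free. I would state the lifetime rule in a comment on the assignment, e.g. `/* borrowed: device must outlive this connection */`, and add `if (!connection->device || !connection->device->udid) return ret;` before the pair-record lookup. Both functions start and end outside the hunks, so guards that already exist may not be visible here.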
@@ -789,16 +786,27 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 return ret;
 }
- /* force use of TLSv1 */
+#if OPENSSL_VERSION_NUMBER < 0x10100002L || \
+ (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2060000fL))
+ /* force use of TLSv1 for older devices */
+ if (connection->device->version < DEVICE_VERSION(10,0,0)) {
 #ifdef SSL_OP_NO_TLSv1_1
- int opts = SSL_OP_NO_TLSv1_1;
+ long opts = SSL_CTX_get_options(ssl_ctx);
+ opts |= SSL_OP_NO_TLSv1_1;
 #ifdef SSL_OP_NO_TLSv1_2
- opts |= SSL_OP_NO_TLSv1_2;
+ opts |= SSL_OP_NO_TLSv1_2;
 #endif
 #ifdef SSL_OP_NO_TLSv1_3
- opts |= SSL_OP_NO_TLSv1_3;
+ opts |= SSL_OP_NO_TLSv1_3;
+#endif
+ SSL_CTX_set_options(ssl_ctx, opts);
 #endif
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | opts);
+ }
+#else
+ SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
+ if (connection->device->version < DEVICE_VERSION(10,0,0)) {
+ SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
+ }
 #endif
 BIO* membp; |
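Review bot: The `connection->device->version < DEVICE_VERSION(10,0,0)` test, used in both preprocessor branches, is also true when the version field is 0, so a device whose version was never filled in would be capped at TLS 1.0; where `version` is set is not visible in this diff, so this needs confirming. If 0 can mean "unknown", also require `connection->device->version > 0 &&` in the condition, or add a comment saying that pinning is the intended fallback. In the `#else` branch the results of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` are ignored; both return 0 on failure, in which case the context keeps its previous protocol bounds, so the code should log and `return ret;` instead of continuing. The old-library branch also no longer ORs in `SSL_OP_ALL`, which deserves a line in the commit message if it is intentional.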