diff options
| -rw-r--r-- | src/idevice.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/idevice.c b/src/idevice.c index a3c258f..12d9bb3 100644 --- a/src/idevice.c +++ b/src/idevice.c | |||
| @@ -1205,7 +1205,8 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne | |||
| 1205 | SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION); | 1205 | SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION); |
| 1206 | } | 1206 | } |
| 1207 | #endif | 1207 | #endif |
| 1208 | #if (OPENSSL_VERSION_MAJOR >= 3) && defined(SSL_OP_IGNORE_UNEXPECTED_EOF) | 1208 | #if (OPENSSL_VERSION_MAJOR >= 3) |
| 1209 | #if defined(SSL_OP_IGNORE_UNEXPECTED_EOF) | ||
| 1209 | /* | 1210 | /* |
| 1210 | * For OpenSSL 3 and later, mark close_notify alerts as optional. | 1211 | * For OpenSSL 3 and later, mark close_notify alerts as optional. |
| 1211 | * For prior versions of OpenSSL we check for SSL_ERROR_SYSCALL when | 1212 | * For prior versions of OpenSSL we check for SSL_ERROR_SYSCALL when |
| @@ -1213,6 +1214,14 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne | |||
| 1213 | */ | 1214 | */ |
| 1214 | SSL_CTX_set_options(ssl_ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); | 1215 | SSL_CTX_set_options(ssl_ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); |
| 1215 | #endif | 1216 | #endif |
| 1217 | #if defined(SSL_OP_LEGACY_SERVER_CONNECT) | ||
| 1218 | /* | ||
| 1219 | * Without setting SSL_OP_LEGACY_SERVER_CONNECT, OpenSSL 3 fails with | ||
| 1220 | * error "unsafe legacy renegotiation disabled" when talking to iOS 5 | ||
| 1221 | */ | ||
| 1222 | SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT); | ||
| 1223 | #endif | ||
| 1224 | #endif | ||
| 1216 | 1225 | ||
| 1217 | BIO* membp; | 1226 | BIO* membp; |
| 1218 | X509* rootCert = NULL; | 1227 | X509* rootCert = NULL; |