-rw-r--r--src/idevice.c30
-rw-r--r--src/idevice.h4
-rw-r--r--src/lockdown.c4
3 files changed, 24 insertions, 14 deletions
diff --git a/src/idevice.c b/src/idevice.c
index 382e9d2..fd1f4b5 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -320,7 +320,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connect(idevice_t device, uint16_t
320 new_connection->type = CONNECTION_USBMUXD; 320 new_connection->type = CONNECTION_USBMUXD;
321 new_connection->data = (void*)(long)sfd; 321 new_connection->data = (void*)(long)sfd;
322 new_connection->ssl_data = NULL; 322 new_connection->ssl_data = NULL;
323 idevice_get_udid(device, &new_connection->udid); 323 new_connection->device = device;
324 *connection = new_connection; 324 *connection = new_connection;
325 return IDEVICE_E_SUCCESS; 325 return IDEVICE_E_SUCCESS;
326 } else { 326 } else {
@@ -348,9 +348,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_disconnect(idevice_connection_t con
348 debug_info("Unknown connection type %d", connection->type); 348 debug_info("Unknown connection type %d", connection->type);
349 } 349 }
350 350
351 if (connection->udid)
352 free(connection->udid);
353
354 free(connection); 351 free(connection);
355 connection = NULL; 352 connection = NULL;
356 353
@@ -759,9 +756,9 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
759#endif 756#endif
760 plist_t pair_record = NULL; 757 plist_t pair_record = NULL;
761 758
762 userpref_read_pair_record(connection->udid, &pair_record); 759 userpref_read_pair_record(connection->device->udid, &pair_record);
763 if (!pair_record) { 760 if (!pair_record) {
764 debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid); 761 debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->device->udid);
765 return ret; 762 return ret;
766 } 763 }
767 764
@@ -789,16 +786,27 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
789 return ret; 786 return ret;
790 } 787 }
791 788
792 /* force use of TLSv1 */ 789#if OPENSSL_VERSION_NUMBER < 0x10100002L || \
790 (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2060000fL))
791 /* force use of TLSv1 for older devices */
792 if (connection->device->version < DEVICE_VERSION(10,0,0)) {
793#ifdef SSL_OP_NO_TLSv1_1 793#ifdef SSL_OP_NO_TLSv1_1
794 int opts = SSL_OP_NO_TLSv1_1; 794 long opts = SSL_CTX_get_options(ssl_ctx);
795 opts |= SSL_OP_NO_TLSv1_1;
795#ifdef SSL_OP_NO_TLSv1_2 796#ifdef SSL_OP_NO_TLSv1_2
796 opts |= SSL_OP_NO_TLSv1_2; 797 opts |= SSL_OP_NO_TLSv1_2;
797#endif 798#endif
798#ifdef SSL_OP_NO_TLSv1_3 799#ifdef SSL_OP_NO_TLSv1_3
799 opts |= SSL_OP_NO_TLSv1_3; 800 opts |= SSL_OP_NO_TLSv1_3;
801#endif
802 SSL_CTX_set_options(ssl_ctx, opts);
800#endif 803#endif
801 SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | opts); 804 }
805#else
806 SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
807 if (connection->device->version < DEVICE_VERSION(10,0,0)) {
808 SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
809 }
802#endif 810#endif
803 811
804 BIO* membp; 812 BIO* membp;
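Review bot: The TLS 1.0 cap in the last hunk (new lines 792 and 807) tests `connection->device->version < DEVICE_VERSION(10,0,0)`, which is also true when the version was never populated and is still 0; the initial value is set outside this diff, so that part is an assumption. The only writer visible on this page, in lockdownd_client_new_with_handshake, skips the assignment when the version string is absent or does not parse, so such a connection would be pinned to TLS 1.0 even if the device supports something newer. If an unknown version should not be treated as an old device, guard with `if (connection->device->version != 0 && connection->device->version < DEVICE_VERSION(10,0,0))`, or at least emit a `debug_info` line whenever the cap is applied so the downgrade shows up in logs. The return values of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` (0 on failure) are also ignored. The body of idevice_connection_enable_ssl starts and ends outside the hunk.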
diff --git a/src/idevice.h b/src/idevice.h
index 94e828b..f403c55 100644
--- a/src/idevice.h
+++ b/src/idevice.h
@@ -46,6 +46,8 @@
46#include "common/userpref.h" 46#include "common/userpref.h"
47#include "libimobiledevice/libimobiledevice.h" 47#include "libimobiledevice/libimobiledevice.h"
48 48
49#define DEVICE_VERSION(maj, min, patch) (((maj & 0xFF) << 16) | ((min & 0xFF) << 8) | (patch & 0xFF))
50
49enum connection_type { 51enum connection_type {
50 CONNECTION_USBMUXD = 1 52 CONNECTION_USBMUXD = 1
51}; 53};
@@ -66,7 +68,7 @@ struct ssl_data_private {
66typedef struct ssl_data_private *ssl_data_t; 68typedef struct ssl_data_private *ssl_data_t;
67 69
68struct idevice_connection_private { 70struct idevice_connection_private {
69 char *udid; 71 idevice_t device;
70 enum connection_type type; 72 enum connection_type type;
71 void *data; 73 void *data;
72 ssl_data_t ssl_data; 74 ssl_data_t ssl_data;
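Review bot: The new `idevice_t device` field in idevice_connection_private replaces an owned `char *udid` copy with a borrowed pointer, and nothing in this commit ties the device's lifetime to the connection. If a caller releases the device (for example with idevice_free) while a connection is still open, the reads of `connection->device->udid` and `connection->device->version` in idevice_connection_enable_ssl become use-after-free. State the contract on the field, e.g. `idevice_t device; /* borrowed, not owned: must outlive the connection */`, and repeat it in the public idevice_connect documentation. Separately, DEVICE_VERSION should parenthesize its arguments, `((((maj) & 0xFF) << 16) | (((min) & 0xFF) << 8) | ((patch) & 0xFF))`, so that expression arguments expand as intended. The struct definition continues past the end of the hunk.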
diff --git a/src/lockdown.c b/src/lockdown.c
index 23f2782..694fb47 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -715,7 +715,7 @@ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevi
715 char *s_version = NULL; 715 char *s_version = NULL;
716 plist_get_string_val(p_version, &s_version); 716 plist_get_string_val(p_version, &s_version);
717 if (s_version && sscanf(s_version, "%d.%d.%d", &vers[0], &vers[1], &vers[2]) >= 2) { 717 if (s_version && sscanf(s_version, "%d.%d.%d", &vers[0], &vers[1], &vers[2]) >= 2) {
718 device->version = ((vers[0] & 0xFF) << 16) | ((vers[1] & 0xFF) << 8) | (vers[2] & 0xFF); 718 device->version = DEVICE_VERSION(vers[0], vers[1], vers[2]);
719 } 719 }
720 free(s_version); 720 free(s_version);
721 } 721 }
@@ -738,7 +738,7 @@ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevi
738 plist_free(pair_record); 738 plist_free(pair_record);
739 pair_record = NULL; 739 pair_record = NULL;
740 740
741 if (device->version < 0x070000) { 741 if (device->version < DEVICE_VERSION(7,0,0)) {
742 /* for older devices, we need to validate pairing to receive trusted host status */ 742 /* for older devices, we need to validate pairing to receive trusted host status */
743 ret = lockdownd_validate_pair(client_loc, NULL); 743 ret = lockdownd_validate_pair(client_loc, NULL);
744 744