| -rw-r--r-- | src/idevice.c | 30 | ||||
| -rw-r--r-- | src/idevice.h | 4 | ||||
| -rw-r--r-- | src/lockdown.c | 4 | 
3 files changed, 24 insertions, 14 deletions
|
diff --git a/src/idevice.c b/src/idevice.c
index 382e9d2..fd1f4b5 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -320,7 +320,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connect(idevice_t device, uint16_t
 		new_connection->type = CONNECTION_USBMUXD;
 		new_connection->data = (void*)(long)sfd;
 		new_connection->ssl_data = NULL;
-		idevice_get_udid(device, &new_connection->udid);
+		new_connection->device = device;
 		*connection = new_connection;
 		return IDEVICE_E_SUCCESS;
 	} else {
@@ -348,9 +348,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_disconnect(idevice_connection_t con
 		debug_info("Unknown connection type %d", connection->type);
 	}
-	if (connection->udid)
-		free(connection->udid);
-
 	free(connection);
 	connection = NULL;
@@ -759,9 +756,9 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 #endif
 	plist_t pair_record = NULL;
-	userpref_read_pair_record(connection->udid, &pair_record);
+	userpref_read_pair_record(connection->device->udid, &pair_record);
 	if (!pair_record) {
-		debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid);
+		debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->device->udid);
 		return ret;
 	}
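Review bot: `new_connection->device = device;` in idevice_connect stores a borrowed pointer where the old code kept its own copy of the UDID, so the connection is now only usable while the caller keeps the idevice_t alive. If a caller frees the device before disconnecting, the `connection->device->udid` reads added in idevice_connection_enable_ssl (third hunk) would touch freed memory, and nothing in these hunks enforces or documents that ordering. I would state the contract next to the field in idevice.h, e.g. `idevice_t device; /* borrowed, not owned: must outlive the connection */`, and guard the SSL path with `if (!connection->device || !connection->device->udid) return ret;` before the pair-record lookup. Both functions continue outside the hunks shown, so an existing check may already cover part of this.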
@@ -789,16 +786,27 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 		return ret;
 	}
-	/* force use of TLSv1 */
+#if OPENSSL_VERSION_NUMBER < 0x10100002L || \
+	(defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2060000fL))
+	/* force use of TLSv1 for older devices */
+	if (connection->device->version < DEVICE_VERSION(10,0,0)) {
 #ifdef SSL_OP_NO_TLSv1_1
-	int opts = SSL_OP_NO_TLSv1_1;
+		long opts = SSL_CTX_get_options(ssl_ctx);
+		opts |= SSL_OP_NO_TLSv1_1;
 #ifdef SSL_OP_NO_TLSv1_2
-	opts |= SSL_OP_NO_TLSv1_2;
+		opts |= SSL_OP_NO_TLSv1_2;
 #endif
 #ifdef SSL_OP_NO_TLSv1_3
-	opts |= SSL_OP_NO_TLSv1_3;
+		opts |= SSL_OP_NO_TLSv1_3;
+#endif
+		SSL_CTX_set_options(ssl_ctx, opts);
 #endif
-	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | opts);
+	}
+#else
+	SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
+	if (connection->device->version < DEVICE_VERSION(10,0,0)) {
+		SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
+	}
 #endif
 	BIO* membp;
diff --git a/src/idevice.h b/src/idevice.h
index 94e828b..f403c55 100644
--- a/src/idevice.h
+++ b/src/idevice.h
@@ -46,6 +46,8 @@
 #include "common/userpref.h"
 #include "libimobiledevice/libimobiledevice.h"
+#define DEVICE_VERSION(maj, min, patch) (((maj & 0xFF) << 16) | ((min & 0xFF) << 8) | (patch & 0xFF))
+
 enum connection_type {
 	CONNECTION_USBMUXD = 1
 };
@@ -66,7 +68,7 @@ struct ssl_data_private {
 typedef struct ssl_data_private *ssl_data_t;
 struct idevice_connection_private {
-	char *udid;
+	idevice_t device;
 	enum connection_type type;
 	void *data;
 	ssl_data_t ssl_data;
diff --git a/src/lockdown.c b/src/lockdown.c
index 23f2782..694fb47 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
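Review bot: Both new `connection->device->version < DEVICE_VERSION(10,0,0)` checks in idevice_connection_enable_ssl treat a version of 0 as an old device, so a connection whose device version was never populated is capped at TLS 1.0. The only assignment visible on this page is in lockdownd_client_new_with_handshake, and only when the version string parses; whether every caller of the SSL path goes through it cannot be told from here. If an unknown version should not downgrade, add `connection->device->version != 0 &&` to both conditions; if the downgrade is a deliberate compatibility choice, say so in the comment and emit a `debug_info` line naming the protocol ceiling chosen so it can be audited. The int results of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` are ignored, and the legacy branch no longer sets `SSL_OP_ALL`; both are worth confirming as intended. The function body extends beyond this hunk.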
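Review bot: The new `DEVICE_VERSION` macro in idevice.h uses its arguments unparenthesized, so an argument containing an operator of lower precedence than `&` (for example `a | b`) would be masked incorrectly. The call sites on this page pass only literals and array elements, so nothing misbehaves today; the safer form is `#define DEVICE_VERSION(maj, min, patch) ((((maj) & 0xFF) << 16) | (((min) & 0xFF) << 8) | ((patch) & 0xFF))`. A one-line comment that each component is truncated to 8 bits would also help readers of the version comparisons.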
@@ -715,7 +715,7 @@ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevi
 			char *s_version = NULL;
 			plist_get_string_val(p_version, &s_version);
 			if (s_version && sscanf(s_version, "%d.%d.%d", &vers[0], &vers[1], &vers[2]) >= 2) {
-				device->version = ((vers[0] & 0xFF) << 16) | ((vers[1] & 0xFF) << 8) | (vers[2] & 0xFF);
+				device->version = DEVICE_VERSION(vers[0], vers[1], vers[2]);
 			}
 			free(s_version);
 		}
@@ -738,7 +738,7 @@ LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevi
 	plist_free(pair_record);
 	pair_record = NULL;
-	if (device->version < 0x070000) {
+	if (device->version < DEVICE_VERSION(7,0,0)) {
 		/* for older devices, we need to validate pairing to receive trusted host status */
 		ret = lockdownd_validate_pair(client_loc, NULL);
|
