From f56a65f7bc08de0cd9bc5c1e4683b1d0c671b767 Mon Sep 17 00:00:00 2001
From: Author: Frederik Carlier
Date: Sat, 13 Jun 2020 01:50:17 +0200
Subject: Allow OpenSSL >= 1.1.0 to use older/disallowed TLS versions

---
 src/idevice.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/idevice.c')

diff --git a/src/idevice.c b/src/idevice.c
index 18487aa..fea1e03 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -922,7 +922,7 @@ static const char *ssl_error_to_string(int e)
 		case SSL_ERROR_NONE:
 			return "SSL_ERROR_NONE";
 		case SSL_ERROR_SSL:
-			return "SSL_ERROR_SSL";
+			return ERR_error_string(ERR_get_error(), NULL);
 		case SSL_ERROR_WANT_READ:
 			return "SSL_ERROR_WANT_READ";
 		case SSL_ERROR_WANT_WRITE:
@@ -1015,6 +1015,10 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 		return ret;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	SSL_CTX_set_security_level(ssl_ctx, 0);
+#endif
+
 #if OPENSSL_VERSION_NUMBER < 0x10100002L || \
 	(defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2060000fL))
 	/* force use of TLSv1 for older devices */
-- 
cgit v1.1-32-gdbae