idevice: Fix connections to <= iOS 5 devices with OpenSSL 3
Thanks @tihmstar for pointing this out.
diff --git a/src/idevice.c b/src/idevice.c
index a3c258f..12d9bb3 100644
--- a/src/idevice.c
+++ b/src/idevice.c
@@ -1205,7 +1205,8 @@
SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_VERSION);
}
#endif
-#if (OPENSSL_VERSION_MAJOR >= 3) && defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+#if (OPENSSL_VERSION_MAJOR >= 3)
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
/*
* For OpenSSL 3 and later, mark close_notify alerts as optional.
* For prior versions of OpenSSL we check for SSL_ERROR_SYSCALL when
@@ -1213,6 +1214,14 @@
*/
SSL_CTX_set_options(ssl_ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
#endif
+#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
+ /*
+ * Without setting SSL_OP_LEGACY_SERVER_CONNECT, OpenSSL 3 fails with
+ * error "unsafe legacy renegotiation disabled" when talking to iOS 5
+ */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+#endif
+#endif
BIO* membp;
X509* rootCert = NULL;
