Package: libimobiledevice4
Version: 1.1.6+dfsg-3.1

On devices (iPhones) upgraded to iOS 10, there are errors that prevent connecting. I did not find this in deb bugs.


This was fixed in master upstream, using TLS1.0 instead of SSL3.0. We should really get this fixed in jessie (in 1.1.6), otherwise iOS 10 devices become unusable with Debian.

Requires two commits:
13bf235cac2201747de11652cf14fe2714ca0718
72643b2b83990b9cf97cc84b285b30763d44a72d

After these, rebuilding and reinstalling, the iOS 10 devices works fine for me.

Nathan

Patch:
--- libimobiledevice-1.1.6+dfsg.orig/src/idevice.c
+++ libimobiledevice-1.1.6+dfsg/src/idevice.c
@@ -777,7 +777,7 @@ idevice_error_t idevice_connection_enabl
     }
     BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);

-    SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
+    SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method());
     if (ssl_ctx == NULL) {
         debug_info("ERROR: Could not create SSL context.");
         BIO_free(ssl_bio);
@@ -838,7 +838,7 @@ idevice_error_t idevice_connection_enabl
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
     gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
- gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); + gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
     gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);

Reply via email to