Add flags to disable certain checks

src/internal.c

@@ -82,7 +82,13 @@
  * WOLFSSL_HARDEN_TLS
  *     Implement the recommendations specified in RFC9325. This macro needs to
  *     be defined to the desired amount of bits of security. The currently
- *     implemented values are 112 and 128 bits.
+ *     implemented values are 112 and 128 bits. The following macros disable
+ *     certain checks.
+ *     - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
+ *     - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
+ *     - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
+ *     - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
+ *     - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
  */
 
 
@@ -7137,7 +7143,8 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         int useSecureReneg = ssl->ctx->useSecureReneg;
         /* use secure renegotiation by default (not recommend) */
     #if defined(WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT) || \
-        (defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12))
+        (defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
+                !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK))
         useSecureReneg = 1;
     #endif
         if (useSecureReneg) {
@@ -26994,7 +27001,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         }
 #endif
 
-#ifdef WOLFSSL_HARDEN_TLS
+#if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK)
         if (ssl->secure_renegotiation == NULL ||
                 !ssl->secure_renegotiation->enabled) {
             /* If the server does not acknowledge the extension, the client