Revising the Extended Master Secret support. Removing the dynamic

TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-09 23:16:52 -07:00
parent 4fb1431727
commit b994244011
10 changed files with 271 additions and 147 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -495,7 +495,7 @@ static void Usage(void)
    printf("-T          Use Truncated HMAC\n");
 #endif
 #ifdef HAVE_EXTENDED_MASTER
-    printf("-n          Use Extended Master Secret\n");
+    printf("-n          Disable Extended Master Secret\n");
 #endif
 #ifdef HAVE_OCSP
    printf("-o          Perform OCSP lookup on peer certificate\n");
@@ -613,7 +613,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
    byte statusRequest = 0;
 #endif
 #ifdef HAVE_EXTENDED_MASTER
-    byte extMasterSecret = 0;
+    byte disableExtMasterSecret = 0;
 #endif


@@ -865,7 +865,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)

            case 'n' :
                #ifdef HAVE_EXTENDED_MASTER
-                    extMasterSecret = 1;
+                    disableExtMasterSecret = 1;
                #endif
                break;

@@ -1246,9 +1246,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
        err_sys("UseSessionTicket failed");
 #endif
 #ifdef HAVE_EXTENDED_MASTER
-    if (extMasterSecret)
-        if (wolfSSL_CTX_UseExtendedMasterSecret(ctx) != SSL_SUCCESS)
-            err_sys("UseExtendedMasterSecret failed");
+    if (disableExtMasterSecret)
+        if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != SSL_SUCCESS)
+            err_sys("DisableExtendedMasterSecret failed");
 #endif

    if (benchmark) {