forked from wolfSSL/wolfssl
Revising the Extended Master Secret support. Removing the dynamic
TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
This commit is contained in:
John Safranek
31
src/ssl.c
31
src/ssl.c
@@ -1749,27 +1749,34 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
|
||||
int wolfSSL_UseExtendedMasterSecret(WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseExtendedMasterSecret(&ssl->extensions, ssl->heap);
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_UseExtendedMasterSecret(WOLFSSL_CTX* ctx)
|
||||
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
return TLSX_UseExtendedMasterSecret(&ctx->extensions, ctx->heap);
|
||||
ctx->haveEMS = 0;
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif /* NO_WOLFSSL_CLIENT */
|
||||
#endif /* HAVE_EXTENDED_MASTER */
|
||||
|
||||
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ssl->options.haveEMS = 0;
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_LEANPSK
|
||||
|
||||
|
||||
Reference in New Issue
Block a user