Merge branch 'session-hash' into dtls

* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c

programs/ssl/ssl_server2.c

@@ -127,6 +127,7 @@ int main( int argc, char *argv[] )
 #define DFL_HS_TO_MIN           0
 #define DFL_HS_TO_MAX           0
 #define DFL_BADMAC_LIMIT        -1
+#define DFL_EXTENDED_MS         -1
 
 #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
     "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
@@ -194,6 +195,7 @@ struct options
     uint32_t hs_to_min;         /* Initial value of DTLS handshake timer    */
     uint32_t hs_to_max;         /* Max value of DTLS handshake timer        */
     int badmac_limit;           /* Limit of records with bad MAC            */
+    char extended_ms;           /* allow negotiation of extended MS?        */
 } opt;
 
 static void my_debug( void *ctx, int level, const char *str )
@@ -348,6 +350,13 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
 #define USAGE_DTLS ""
 #endif
 
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+    "    extended_ms=0/1     default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
 #define USAGE \
     "\n usage: ssl_server2 param=<>...\n"                   \
     "\n acceptable parameters:\n"                           \
@@ -380,6 +389,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
     USAGE_CACHE                                             \
     USAGE_MAX_FRAG_LEN                                      \
     USAGE_ALPN                                              \
+    USAGE_EMS                                               \
     "\n"                                                    \
     "    min_version=%%s      default: \"ssl3\"\n"          \
     "    max_version=%%s      default: \"tls1_2\"\n"        \
@@ -783,6 +793,7 @@ int main( int argc, char *argv[] )
     opt.hs_to_min           = DFL_HS_TO_MIN;
     opt.hs_to_max           = DFL_HS_TO_MAX;
     opt.badmac_limit        = DFL_BADMAC_LIMIT;
+    opt.extended_ms         = DFL_EXTENDED_MS;
 
     for( i = 1; i < argc; i++ )
     {
@@ -978,6 +989,15 @@ int main( int argc, char *argv[] )
         {
             opt.alpn_string = q;
         }
+        else if( strcmp( p, "extended_ms" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.extended_ms = SSL_EXTENDED_MS_DISABLED; break;
+                case 1: opt.extended_ms = SSL_EXTENDED_MS_ENABLED; break;
+                default: goto usage;
+            }
+        }
         else if( strcmp( p, "tickets" ) == 0 )
         {
             opt.tickets = atoi( q );
@@ -1410,6 +1430,11 @@ int main( int argc, char *argv[] )
     };
 #endif
 
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+    if( opt.extended_ms != DFL_EXTENDED_MS )
+        ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+#endif
+
 #if defined(POLARSSL_SSL_ALPN)
     if( opt.alpn_string != NULL )
         if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )