Merge commit '36adc36' into dtls

* commit '36adc36': Add support for getrandom() Use library default for trunc-hmac in ssl_client2 Make truncated hmac a runtime option server-side Fix portability issue in script Specific error for suites in common but none good Prefer SHA-1 certificates for pre-1.2 clients Some more refactoring/tuning. Minor refactoring Conflicts: include/polarssl/error.h include/polarssl/ssl.h library/error.c
2025-07-29 11:41:15 +03:00 · 2015-01-21 13:48:45 +00:00
parent 0017c2be48 36adc3631c
commit bfccdd3c92
11 changed files with 262 additions and 63 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5149,6 +5149,11 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
    if( endpoint == SSL_IS_CLIENT )
        ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
 #endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+    if( endpoint == SSL_IS_SERVER )
+        ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+#endif
 }

 int ssl_set_transport( ssl_context *ssl, int transport )
@ -5692,9 +5697,6 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
 {
-    if( ssl->endpoint != SSL_IS_CLIENT )
-        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
    ssl->trunc_hmac = truncate;

    return( 0 );