Made support for the truncated_hmac extension configurable
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index bb88ea9..41013d8 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -550,6 +550,15 @@
#define POLARSSL_SSL_SESSION_TICKETS
/**
+ * \def POLARSSL_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define POLARSSL_SSL_TRUNCATED_HMAC
+
+/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d0e71e3..8f72710 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -366,7 +366,9 @@
unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< flag for truncated hmac activation */
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
};
/*
@@ -601,7 +603,9 @@
int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< negotiate truncated hmac? */
+#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int session_tickets; /*!< use session tickets? */
int ticket_lifetime; /*!< session ticket lifetime */
@@ -1049,6 +1053,7 @@
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
* \brief Activate negotiation of truncated HMAC (Client only)
* (Default: SSL_TRUNC_HMAC_ENABLED)
@@ -1061,6 +1066,7 @@
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
*/
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/**
