From 769c6b63511e85e914dca9e55ad5640c3ccaa23d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Oct 2014 14:13:55 +0100 Subject: [PATCH] Make session-hash depend on TLS versions --- include/polarssl/check_config.h | 7 +++++++ include/polarssl/config.h | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h index 328b881ea..b4ae54144 100644 --- a/include/polarssl/check_config.h +++ b/include/polarssl/check_config.h @@ -257,6 +257,13 @@ #error "Illegal protocol selection" #endif +#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) && \ + !defined(POLARSSL_SSL_PROTO_TLS1) && \ + !defined(POLARSSL_SSL_PROTO_TLS1_1) && \ + !defined(POLARSSL_SSL_PROTO_TLS1_2) +#error "POLARSSL_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites" +#endif + #if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \ ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \ !defined(POLARSSL_CIPHER_MODE_CBC) ) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 9ca39e71d..dfe2764e5 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -821,6 +821,10 @@ * renegotiation), since it actually fixes a more fundamental issue in the * original SSL/TLS design, and has implications beyond Triple Handshake. * + * Requires: POLARSSL_SSL_PROTO_TLS1 or + * POLARSSL_SSL_PROTO_TLS1_1 or + * POLARSSL_SSL_PROTO_TLS1_2 + * * Comment this macro to disable support for Extended Master Secret. */ #define POLARSSL_SSL_EXTENDED_MASTER_SECRET