From 037170465a72abfe0bbe97f43df945c12d3cb503 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 4 Nov 2014 19:52:10 +0100
Subject: [PATCH] Switch from an enable to a disable flag

---
 include/polarssl/config.h | 11 ++++++++---
 include/polarssl/ssl.h    |  6 ++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 2dc4240ca..085a61486 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -822,17 +822,22 @@
 //#define POLARSSL_SSL_HW_RECORD_ACCEL
 
 /**
- * \def POLARSSL_SSL_RENEGOTIATION
+ * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
  *
- * Enable support for TLS renegotiation.
+ * Disable support for TLS renegotiation.
  *
  * The two main uses of renegotiation are (1) refresh keys on long-lived
  * connections and (2) client authentication after the initial handshake.
  * If you don't need renegotiation, it's probably better to disable it, since
  * it has been associated with security issues in the past and is easy to
  * misuse/misunderstand.
+ *
+ * Warning: in the next stable branch, this switch will be replaced by
+ * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
+ *
+ * Uncomment this to disable support for renegotiation.
  */
-#define POLARSSL_SSL_RENEGOTIATION
+//#define POLARSSL_SSL_DISABLE_RENEGOTIATION
 
 /**
  * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index b1df1382a..cfd987b41 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -32,6 +32,12 @@
 #else
 #include POLARSSL_CONFIG_FILE
 #endif
+
+/* Temporary compatibility trick for the current stable branch */
+#if !defined(POLARSSL_SSL_DISABLE_RENEGOTIATION)
+#define POLARSSL_SSL_RENEGOTIATION
+#endif
+
 #include "net.h"
 #include "bignum.h"
 #include "ecp.h"