Remove extended_ms field from HS param if ExtendedMS enforced

2024-11-22 22:05:42 +01:00 · 2019-06-11 14:50:54 +01:00 · 2019-06-11 14:50:54 +01:00 · 1ab322bb51
commit 1ab322bb51
parent a49ec56f51
3 changed files with 6 additions and 1 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -517,7 +517,8 @@ struct mbedtls_ssl_handshake_params
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
    int new_session_ticket;             /*!< use NewSessionTicket?    */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) &&      \
+    !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
    int extended_ms;                    /*!< use Extended Master Secret? */
 #endif

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2097,7 +2097,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
    {
        if( extended_ms_seen )
        {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
            ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
        }
        else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
                 MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -2042,7 +2042,9 @@ read_record_header:
    {
        if( extended_ms_seen )
        {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
            ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
        }
        else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
                 MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )