Remove extended_ms field from HS param if ExtendedMS enforced

include/mbedtls/ssl_internal.h

@@ -517,7 +517,8 @@ struct mbedtls_ssl_handshake_params
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
     int new_session_ticket;             /*!< use NewSessionTicket?    */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) &&      \
+    !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
     int extended_ms;                    /*!< use Extended Master Secret? */
 #endif
 

library/ssl_cli.c

@@ -2097,7 +2097,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
     {
         if( extended_ms_seen )
         {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
             ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
         }
         else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
                  MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )

library/ssl_srv.c

@@ -2042,7 +2042,9 @@ read_record_header:
     {
         if( extended_ms_seen )
         {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
             ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
         }
         else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
                  MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )