Make session-hash depend on TLS versions

2014-10-28 14:13:55 +01:00 · 2014-10-28 14:13:55 +01:00 · 769c6b6351
commit 769c6b6351
parent b575b54cb9
2 changed files with 11 additions and 0 deletions
--- a/include/polarssl/check_config.h
+++ b/include/polarssl/check_config.h
@ -257,6 +257,13 @@
 #error "Illegal protocol selection"
 #endif

+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(POLARSSL_SSL_PROTO_TLS1)   &&          \
+    !defined(POLARSSL_SSL_PROTO_TLS1_1) &&          \
+    !defined(POLARSSL_SSL_PROTO_TLS1_2)
+#error "POLARSSL_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
 #if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
    ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) ||            \
      !defined(POLARSSL_CIPHER_MODE_CBC) )
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -821,6 +821,10 @@
 * renegotiation), since it actually fixes a more fundamental issue in the
 * original SSL/TLS design, and has implications beyond Triple Handshake.
 *
+ * Requires: POLARSSL_SSL_PROTO_TLS1    or
+ *           POLARSSL_SSL_PROTO_TLS1_1  or
+ *           POLARSSL_SSL_PROTO_TLS1_2
+ *
 * Comment this macro to disable support for Extended Master Secret.
 */
 #define POLARSSL_SSL_EXTENDED_MASTER_SECRET