From 8c1ede655f14c544c35dd4e5c840efa5001754db Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Fri, 19 Jul 2013 14:14:37 +0200
Subject: [PATCH] Changed prototype for ssl_set_truncated_hmac() to allow
disabling
---
include/polarssl/ssl.h | 5 ++++-
library/ssl_tls.c | 4 ++--
programs/ssl/ssl_client2.c | 2 +-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 184e2e178..1557d3931 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -986,13 +986,16 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
/**
* \brief Activate negotiation of truncated HMAC (Client only)
+ * (Default: SSL_TRUNC_HMAC_ENABLED)
*
* \param ssl SSL context
+ * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
+ * SSL_TRUNC_HMAC_DISABLED)
*
* \return O if successful,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
*/
-int ssl_set_truncated_hmac( ssl_context *ssl );
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
/**
* \brief Enable / Disable renegotiation support for connection when
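Review bot: The added `(Default: SSL_TRUNC_HMAC_ENABLED)` line reads as if truncated HMAC were negotiated without any call, which matters because the extension shortens the record MAC to 80 bits. The context initialisation is not part of this patch, so the stated default should be confirmed against the value the init code actually sets. The `\brief` still says "Activate" although the function can now disable as well; suggest `\brief Enable / disable negotiation of truncated HMAC (Client only)`. The unchanged `\return O if successful` line uses the letter O where `0` is meant. The prototype change is also source-incompatible for existing one-argument callers, which deserves a ChangeLog entry.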
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3da7c0b09..b9fca4440 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3149,12 +3149,12 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
return( 0 );
}
-int ssl_set_truncated_hmac( ssl_context *ssl )
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
if( ssl->endpoint != SSL_IS_CLIENT )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+ ssl->trunc_hmac = truncate;
return( 0 );
}
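Review bot: `truncate` is stored into `ssl->trunc_hmac` without a range check, so any int a caller passes becomes the negotiation state. The code that later reads that field is outside this hunk, so the effect of an out-of-range value cannot be judged from here. Reject unknown values before the assignment with `if( truncate != SSL_TRUNC_HMAC_ENABLED && truncate != SSL_TRUNC_HMAC_DISABLED ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );` and mention that case in the `\return` text in ssl.h. As a smaller point, the parameter name shadows POSIX `truncate()` wherever `<unistd.h>` is in scope; `trunc_hmac` would avoid that.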
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 60e6f7e97..ca4d7c74e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -634,7 +634,7 @@ int main( int argc, char *argv[] )
ssl_set_max_frag_len( &ssl, opt.mfl_code );
if( opt.trunc_hmac != 0 )
- ssl_set_truncated_hmac( &ssl );
+ ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
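Review bot: The call is still guarded by `if( opt.trunc_hmac != 0 )`, so the new disable path is never exercised and the return value is still dropped. If the context default is enabled, as the header comment in this patch states (not verifiable from this hunk), an option value of 0 leaves truncation on. Passing the option through unconditionally would make the client option authoritative: `ssl_set_truncated_hmac( &ssl, opt.trunc_hmac ? SSL_TRUNC_HMAC_ENABLED : SSL_TRUNC_HMAC_DISABLED );`, with the result checked like the other setup calls that can fail. main() continues outside the hunk.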