Add negotiation of Extended Master Secret
(But not the actual thing yet.)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bd4494f..1fe3a95 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -470,6 +470,11 @@
SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
handshake->pmslen );
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
+ SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
+ // XXX to be continued, WIP
+#endif
handshake->tls_prf( handshake->premaster, handshake->pmslen,
"master secret",
handshake->randbytes, 64, session->master, 48 );
@@ -3437,6 +3442,10 @@
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+ ssl->extended_ms = SSL_EXTENDED_MS_ENABLED;
+#endif
+
#if defined(POLARSSL_SSL_SESSION_TICKETS)
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
#endif
@@ -3984,6 +3993,13 @@
}
#endif
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+void ssl_set_extended_master_secret( ssl_context *ssl, char ems )
+{
+ ssl->extended_ms = ems;
+}
+#endif
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{