Make renegotiation a compile-time option
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 194e944..37123c7 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -687,7 +687,9 @@
*/
int state; /*!< SSL handshake: current state */
int renegotiation; /*!< Initial or renegotiation */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int renego_records_seen; /*!< Records since renego request */
+#endif
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
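Review bot: The layout and size of `ssl_context` now vary with POLARSSL_SSL_RENEGOTIATION, here at `renego_records_seen` and again in the two later hunks of this file (the `disable_renegotiation`/`renego_max_records` block and the `verify_data_len`/`own_verify_data`/`peer_verify_data` block), so an application built against a config.h whose setting differs from the library's would read the struct at wrong offsets. The file already accepts this for POLARSSL_SSL_SET_CURVES a few lines below, so this is a point of documentation rather than a defect: the config.h entry for the new option (not in this diff) should state that it changes the `ssl_context` layout and that library and application must agree on it. The enclosing `struct _ssl_context` definition starts before this hunk.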
@@ -810,9 +812,11 @@
int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
int disable_renegotiation; /*!< enable/disable renegotiation */
- int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
int renego_max_records; /*!< grace period for renegotiation */
+#endif
+ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
#if defined(POLARSSL_SSL_SET_CURVES)
const ecp_group_id *curve_list; /*!< allowed curves */
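Review bot: With `disable_renegotiation` and `renego_max_records` compiled out, nothing in this header says what a build without POLARSSL_SSL_RENEGOTIATION does when the peer requests renegotiation (a HelloRequest on the client, a second ClientHello on the server); the only safe semantics is that such requests are refused exactly as with SSL_RENEGOTIATION_DISABLED, and the record-layer code in ssl_tls.c (not in this diff) must still recognise those messages and reject them rather than fall through to handshake processing. Keeping `allow_legacy_renegotiation` outside the guard is consistent with `ssl_legacy_renegotiation()` staying unconditional further down, since SSL_LEGACY_BREAK_HANDSHAKE also governs the initial handshake; I would make that intent explicit above the new `#if` with `/* Without POLARSSL_SSL_RENEGOTIATION, peer-initiated renegotiation is always refused; only the legacy-renegotiation policy remains configurable */`, assuming that is indeed what the .c side implements.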
@@ -861,9 +865,11 @@
*/
int secure_renegotiation; /*!< does peer support legacy or
secure renegotiation */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
size_t verify_data_len; /*!< length of verify data stored */
char own_verify_data[36]; /*!< previous handshake verify data */
char peer_verify_data[36]; /*!< previous handshake verify data */
+#endif
};
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
@@ -1446,6 +1452,7 @@
void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
* \brief Enable / Disable renegotiation support for connection when
* initiated by peer
@@ -1460,6 +1467,7 @@
* SSL_RENEGOTIATION_DISABLED)
*/
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/**
* \brief Prevent or allow legacy renegotiation.
@@ -1490,8 +1498,9 @@
*/
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
- * \brief Enforce server-requested renegotiation.
+ * \brief Enforce requested renegotiation.
* (Default: enforced, max_records = 16)
*
* When we request a renegotiation, the peer can comply or
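Review bot: The brief now reads "Enforce requested renegotiation." but the default stated on the next line, "(Default: enforced, max_records = 16)", only makes sense if the corresponding initialisation of `renego_max_records` in `ssl_init()` (not in this diff) is placed under the same POLARSSL_SSL_RENEGOTIATION guard, since the field no longer exists otherwise. A one-line reminder in this comment, `* Only available with POLARSSL_SSL_RENEGOTIATION.`, would spare readers of the installed header from having to find the `#if` above. The comment block continues past the end of this hunk.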
@@ -1519,6 +1528,7 @@
* it but allow for a grace period of max_records records.
*/
void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/**
* \brief Return the number of data bytes available to read
@@ -1620,6 +1630,7 @@
*/
int ssl_handshake_step( ssl_context *ssl );
+#if defined(POLARSSL_SSL_RENEGOTIATION)
/**
* \brief Initiate an SSL renegotiation on the running connection.
* Client: perform the renegotiation right now.
@@ -1631,6 +1642,7 @@
* \return 0 if successful, or any ssl_handshake() return value.
*/
int ssl_renegotiate( ssl_context *ssl );
+#endif /* POLARSSL_SSL_RENEGOTIATION */
/**
* \brief Read at most 'len' application data bytes