Create a new flag for enforcing the extended master secret
If the flag is enabled, drop the connection if the peer doesn't support
the extended master secret extension.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b61453f..8cf9a49 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8341,6 +8341,12 @@
{
conf->extended_ms = ems;
}
+
+void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
+ char ems_enf);
+{
+ conf->enforce_extended_master_secret = ems_enf;
+}
#endif
#if defined(MBEDTLS_ARC4_C)
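Review bot: The added definition of `mbedtls_ssl_conf_extended_master_secret_enforce` has a stray `;` after its parameter list (`char ems_enf);`), which turns it into a prototype followed by a free-standing `{ ... }` block at file scope. The file will not compile when the enclosing `#if` (opened outside this hunk) is active. The line should read `char ems_enf )` with no semicolon. The setter only stores the value in `conf->enforce_extended_master_secret`, and the check that aborts the handshake is not visible in this hunk. It is worth confirming that both the client and server paths reject a peer that omits the extension, and that the field's default is documented next to the declaration in the public header. Using the same parameter type as the existing `extended_ms` setter would keep the two APIs consistent.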