Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.

commit: e117a8fc0dcdd9c2528856876748cfa8b06e4fd7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:39:35 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:52:20 2015 +0100
tree: 01c4874b0edb46056886b882c511f256a0943d2b
parent: 8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6d8626c..534525a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -629,7 +629,8 @@
 
     ((void) buf);
 
-    ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+    if( ssl->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+        ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
 
     return( 0 );
 }
commit	e117a8fc0dcdd9c2528856876748cfa8b06e4fd7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:39:35 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:52:20 2015 +0100
tree	01c4874b0edb46056886b882c511f256a0943d2b
parent	8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]