Merge commit '36adc36' into dtls
* commit '36adc36':
Add support for getrandom()
Use library default for trunc-hmac in ssl_client2
Make truncated hmac a runtime option server-side
Fix portability issue in script
Specific error for suites in common but none good
Prefer SHA-1 certificates for pre-1.2 clients
Some more refactoring/tuning.
Minor refactoring
Conflicts:
include/polarssl/error.h
include/polarssl/ssl.h
library/error.c
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 37d7e13..2af34cb 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -158,6 +158,7 @@
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate) */
/*
* Various constants
@@ -1851,15 +1852,15 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
- * \brief Activate negotiation of truncated HMAC (Client only)
- * (Default: SSL_TRUNC_HMAC_ENABLED)
+ * \brief Activate negotiation of truncated HMAC
+ * (Default: SSL_TRUNC_HMAC_DISABLED on client,
+ * SSL_TRUNC_HMAC_ENABLED on server.)
*
* \param ssl SSL context
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED)
*
- * \return O if successful,
- * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ * \return Always 0.
*/
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */