Remove extended_ms field from HS param if ExtendedMS enforced
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 35b3a90..c9253bf 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -517,7 +517,8 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int new_session_ticket; /*!< use NewSessionTicket? */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+ !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
int extended_ms; /*!< use Extended Master Secret? */
#endif
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 257a517..17611d6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2097,7 +2097,9 @@
{
if( extended_ms_seen )
{
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
}
else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 023e0a8..ecde1b0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2042,7 +2042,9 @@
{
if( extended_ms_seen )
{
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
}
else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )