Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.

commit: e117a8fc0dcdd9c2528856876748cfa8b06e4fd7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:39:35 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:52:20 2015 +0100
tree: 01c4874b0edb46056886b882c511f256a0943d2b
parent: 8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 82ed04e..5849a62 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -1487,15 +1487,15 @@
 
 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
 /**
- * \brief          Activate negotiation of truncated HMAC (Client only)
- *                 (Default: SSL_TRUNC_HMAC_ENABLED)
+ * \brief          Activate negotiation of truncated HMAC
+ *                 (Default: SSL_TRUNC_HMAC_DISABLED on client,
+ *                           SSL_TRUNC_HMAC_ENABLED on server.)
  *
  * \param ssl      SSL context
  * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
  *                                    SSL_TRUNC_HMAC_DISABLED)
  *
- * \return         O if successful,
- *                 POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ * \return         Always 0.
  */
 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
commit	e117a8fc0dcdd9c2528856876748cfa8b06e4fd7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:39:35 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:52:20 2015 +0100
tree	01c4874b0edb46056886b882c511f256a0943d2b
parent	8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]