Changed prototype for ssl_set_truncated_hmac() to allow disabling

include/polarssl/ssl.h

@@ -986,13 +986,16 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
 
 /**
  * \brief          Activate negotiation of truncated HMAC (Client only)
+ *                 (Default: SSL_TRUNC_HMAC_ENABLED)
  *
  * \param ssl      SSL context
+ * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
+ *                                    SSL_TRUNC_HMAC_DISABLED)
  *
  * \return         O if successful,
  *                 POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
  */
-int ssl_set_truncated_hmac( ssl_context *ssl );
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
 
 /**
  * \brief          Enable / Disable renegotiation support for connection when

library/ssl_tls.c

@@ -3149,12 +3149,12 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
     return( 0 );
 }
 
-int ssl_set_truncated_hmac( ssl_context *ssl )
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
 {
     if( ssl->endpoint != SSL_IS_CLIENT )
         return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
-    ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+    ssl->trunc_hmac = truncate;
 
     return( 0 );
 }

programs/ssl/ssl_client2.c

@@ -634,7 +634,7 @@ int main( int argc, char *argv[] )
     ssl_set_max_frag_len( &ssl, opt.mfl_code );
 
     if( opt.trunc_hmac != 0 )
-        ssl_set_truncated_hmac( &ssl );
+        ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
 
     ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
     ssl_set_dbg( &ssl, my_debug, stdout );