diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h
index 56d84414b..4f65e17db 100644
--- a/include/polarssl/check_config.h
+++ b/include/polarssl/check_config.h
@@ -272,6 +272,11 @@
 #error "POLARSSL_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
 #endif
 
+#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY) && \
+ ( !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_PROTO_DTLS) )
+#error "POLARSSL_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
 ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
 !defined(POLARSSL_CIPHER_MODE_CBC) )
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 20f104df3..5591e44ec 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -913,15 +913,6 @@
 */
 #define POLARSSL_SSL_PROTO_DTLS
 
-/**
- * \def POLARSSL_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define POLARSSL_SSL_DTLS_ANTI_REPLAY
-
 /**
 * \def POLARSSL_SSL_ALPN
 *
@@ -932,6 +923,18 @@
 */
 #define POLARSSL_SSL_ALPN
 
+/**
+ * \def POLARSSL_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: POLARSSL_SSL_TLS_C
+ * POLARSSL_POLARSSL_PROTO_DTLS
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define POLARSSL_SSL_DTLS_ANTI_REPLAY
+
 /**
 * \def POLARSSL_SSL_DTLS_HELLO_VERIFY
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bd830e5ee..1a5cb0191 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2970,8 +2970,7 @@ static int ssl_prepare_record_content( ssl_context *ssl )
 }
 #endif /* POLARSSL_ZLIB_SUPPORT */
 
-#if defined(POLARSSL_SSL_PROTO_DTLS) && \
- defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
+#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
 if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
 {
 ssl_dtls_replay_update( ssl );
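Review bot: The `Requires:` list added to the POLARSSL_SSL_DTLS_ANTI_REPLAY doc comment in config.h (second hunk) names `POLARSSL_POLARSSL_PROTO_DTLS`, which matches neither the macro tested in the check_config.h hunk nor the `#define POLARSSL_SSL_PROTO_DTLS` a few lines above; the line should read ` *           POLARSSL_SSL_PROTO_DTLS`. Since the comment is being rewritten anyway, its last sentence could also state what disabling the option costs, for example `Comment this to disable anti-replay in DTLS; replayed or duplicated records are then not rejected by the record layer.` That wording assumes nothing else in the library filters such records, so confirm it before adopting it.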
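Review bot: With the `POLARSSL_SSL_PROTO_DTLS` test dropped from the guard in ssl_prepare_record_content(), the block compiles safely only because check_config.h now rejects POLARSSL_SSL_DTLS_ANTI_REPLAY without DTLS, and nothing at the site records that dependency. A one-line comment above the `#if`, such as `/* check_config.h guarantees POLARSSL_SSL_PROTO_DTLS when anti-replay is enabled */`, would stop a later reader from restoring the double test or assuming the prerequisite is unchecked; builds whose configuration header does not pull in check_config.h would lose that guarantee, which is worth confirming. Only the `ssl_dtls_replay_update( ssl )` call is visible here, so any other guards on this macro in the file lie outside the diff and should be simplified the same way for consistency. The function body starts and ends outside the hunk.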