@@ -910,6 +910,7 @@ void

 get_tls_handshake_key (const struct key_type *key_type,

 		       struct key_ctx_bi *ctx,

 		       const char *passphrase_file,

+		       const int key_direction,

 		       const unsigned int flags)

 {

   if (passphrase_file && key_type->hmac_length)

@@ -970,7 +971,7 @@ get_tls_handshake_key (const struct key_type *key_type,

       }

       /* handle key direction */

-      key_direction_state_init (&kds, BOOL_CAST (flags & GHK_KEY_DIR));

+      key_direction_state_init (&kds, key_direction);

       must_have_n_keys (passphrase_file, "tls-auth", &key2, kds.need_keys);

       /* initialize hmac key in both directions */

@@ -369,11 +369,11 @@ void openssl_dmalloc_init (void);

 #ifdef USE_SSL

-#define GHK_KEY_DIR (1<<0)

-#define GHK_INLINE  (1<<1)

+#define GHK_INLINE  (1<<0)

 void get_tls_handshake_key (const struct key_type *key_type,

 			    struct key_ctx_bi *ctx,

 			    const char *passphrase_file,

+			    const int key_direction,

 			    const unsigned int flags);

 #else

@@ -1402,7 +1402,7 @@ do_init_crypto_tls_c1 (struct context *c)

       /* TLS handshake authentication (--tls-auth) */

       if (options->tls_auth_file)

 	{

-	  unsigned int flags = options->key_direction ? GHK_KEY_DIR : 0;

+	  unsigned int flags = 0;

 	  const char *file = options->tls_auth_file;

 #if ENABLE_INLINE_FILES

@@ -1415,6 +1415,7 @@ do_init_crypto_tls_c1 (struct context *c)

 	  get_tls_handshake_key (&c->c1.ks.key_type,

 				 &c->c1.ks.tls_auth_key,

 				 file,

+				 options->key_direction,

 				 flags);

 	}