From fd9d97cff1558c41c1b370442ced31cb126155ba Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 28 Oct 2013 13:31:54 -0400
Subject: [PATCH] Temporary: set mutual in flags token

Force mutual flag on the context prior to sending the flags token until channel binding is better deployed.
---
 mech_eap/init_sec_context.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index fb2f6c8..29465be 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -964,6 +964,11 @@ eapGssSmInitGssFlags(OM_uint32 *minor,
     unsigned char wireFlags[4];
     gss_buffer_desc flagsBuf;
 
+    /*
+     * As a temporary measure, force mutual authentication until channel binding is
+     * more widely deployed.
+     */
+    ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
     store_uint32_be(ctx->gssFlags & GSSEAP_WIRE_FLAGS_MASK, wireFlags);
 
     flagsBuf.length = sizeof(wireFlags);
-- 
2.1.4