temporary: force mutual

Until channel bindings are more widely deployed force mutual
authentication even if channel binding fails.

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 6cb4be0..80e62c3 100644 (file)
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -1068,6 +1068,11 @@ eapGssSmInitAcceptorMIC(OM_uint32 *minor,
     if (GSS_ERROR(major))
         return major;
 
+    /*
+     * As a temporary measure, force mutual authentication until channel binding is
+     * more widely deployed.
+     */
+    ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
     GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
 
     *minor = 0;