From: Sam Hartman <hartmans@debian.org>
Date: Mon, 28 Oct 2013 17:31:54 +0000 (-0400)
Subject: Temporary: set mutual in flags token
X-Git-Tag: 0.9.2~29
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=fd9d97cff1558c41c1b370442ced31cb126155ba

Temporary: set mutual in flags token

Force mutual flag on the context prior to sending the flags token until channel binding is better deployed.
---

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index fb2f6c8..29465be 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -964,6 +964,11 @@ eapGssSmInitGssFlags(OM_uint32 *minor,
     unsigned char wireFlags[4];
     gss_buffer_desc flagsBuf;
 
+    /*
+     * As a temporary measure, force mutual authentication until channel binding is
+     * more widely deployed.
+     */
+    ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
     store_uint32_be(ctx->gssFlags & GSSEAP_WIRE_FLAGS_MASK, wireFlags);
 
     flagsBuf.length = sizeof(wireFlags);