auth: mech-gssapi - Fix handling of server sending empty initial response

This situation was erroneously interpreted as sending an out-of-band challenge
for the recently added channel binding feature, which causes GSSAPI
authentication to fail when the client does not send the intial response as part
of the AUTHENTICATION command.

diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index 57a2b125b2848459b8836cc2560eefe5d7a38f21..4ff571652896d4b2ad866cc74a194c828f5a7204 100644 (file)
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_request *request,
 
        if (data_size == 0) {
                /* The client should go first */
-               auth_request_handler_reply_continue(request, NULL, 0);
+               auth_request_handler_reply_continue(request, uchar_empty_ptr, 0);
        } else {
                mech_gssapi_auth_continue(request, data, data_size);
        }