daemon/tls: client-side re-authentication support for tls1.3

author Grigorii Demidov <grigorii.demidov@nic.cz>

Wed, 16 Jan 2019 16:05:48 +0000 (17:05 +0100)

committer Grigorii Demidov <grigorii.demidov@nic.cz>

Thu, 17 Jan 2019 09:56:33 +0000 (10:56 +0100)
author Grigorii Demidov <grigorii.demidov@nic.cz>
Wed, 16 Jan 2019 16:05:48 +0000 (17:05 +0100)
committer Grigorii Demidov <grigorii.demidov@nic.cz>
Thu, 17 Jan 2019 09:56:33 +0000 (10:56 +0100)
diff --git a/daemon/tls.c b/daemon/tls.c

index fd7fac51a054148bd52d1b7656da7563013575d2..f90e497d0ffa8fd2b45bd59bb4990c7264661226 100644 (file)
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -1154,6 +1154,9 @@ struct tls_client_ctx_t *tls_client_ctx_new(struct tls_client_paramlist_entry *e
         unsigned int flags = GNUTLS_CLIENT | GNUTLS_NONBLOCK
  #ifdef GNUTLS_ENABLE_FALSE_START
                              | GNUTLS_ENABLE_FALSE_START
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030605
+                            | GNUTLS_AUTO_REAUTH | GNUTLS_POST_HANDSHAKE_AUTH
  #endif
         ;
         int ret = gnutls_init(&ctx->c.tls_session,  flags);
author	Grigorii Demidov <grigorii.demidov@nic.cz>
	Wed, 16 Jan 2019 16:05:48 +0000 (17:05 +0100)
committer	Grigorii Demidov <grigorii.demidov@nic.cz>
	Thu, 17 Jan 2019 09:56:33 +0000 (10:56 +0100)