From bb4d6c87d702cdf3e75339e12ec7d8a7cf9a248c Mon Sep 17 00:00:00 2001
From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Wed, 16 Jan 2019 17:05:48 +0100
Subject: [PATCH] daemon/tls: client-side re-authentication support for tls1.3

---
 daemon/tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/daemon/tls.c b/daemon/tls.c
index fd7fac51a..f90e497d0 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -1154,6 +1154,9 @@ struct tls_client_ctx_t *tls_client_ctx_new(struct tls_client_paramlist_entry *e
 	unsigned int flags = GNUTLS_CLIENT | GNUTLS_NONBLOCK
 #ifdef GNUTLS_ENABLE_FALSE_START
 			     | GNUTLS_ENABLE_FALSE_START
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030605
+			     | GNUTLS_AUTO_REAUTH | GNUTLS_POST_HANDSHAKE_AUTH
 #endif
 	;
 	int ret = gnutls_init(&ctx->c.tls_session,  flags);
-- 
2.47.2