author Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-06-27 13:41:13 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-07-02 08:39:50 +0000
commit 93cc44b19242819a32b29a381d220e96a3c0fc41
tree 7253224be2f64c77a686e784aacdd2443e2de15d /lib/tls13
parent a8dc7ba3c19dca4db30f336c54e2f9191b0beae6
gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH

This allows a server application to detect whether the client would support post handshake authentication or not without initiating via gnutls_reauth().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls13')
-rw-r--r-- lib/tls13/post_handshake.c 4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/tls13/post_handshake.c b/lib/tls13/post_handshake.c
index 9543ca896e..b12c0ba221 100644
--- a/lib/tls13/post_handshake.c
+++ b/lib/tls13/post_handshake.c
@@ -219,7 +219,9 @@ int _gnutls13_reauth_server(gnutls_session_t session)
* When this function is called under TLS1.2 or earlier or the peer didn't
* advertise post-handshake auth, it always fails with
* %GNUTLS_E_INVALID_REQUEST. The verification of the received peers certificate
- * is delegated to the session or credentials verification callbacks.
+ * is delegated to the session or credentials verification callbacks. A
+ * server can check whether post handshake authentication is supported
+ * by the client by checking the session flags with gnutls_session_get_flags().
*
* Prior to calling this function in server side, the function
* gnutls_certificate_server_set_request() must be called setting expectations
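Review bot: the sentence added to the gnutls_reauth() doc comment tells the reader to check gnutls_session_get_flags() but never names the flag to test, so the API documentation alone does not say which bit indicates client support. The commit subject names it as GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH; consider ending the sentence with something like "and testing for %GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH", using the same % markup the comment already applies to %GNUTLS_E_INVALID_REQUEST. It would also help to state that a server which skips this check and calls the function anyway gets %GNUTLS_E_INVALID_REQUEST, tying the new sentence to the failure case described two lines above it. Minor style point: the unchanged context line writes "post-handshake auth" with a hyphen while the added lines write "post handshake authentication"; pick one spelling within the comment.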