gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH

This allows a server application to detect whether the client
would support post handshake authentication or not without initiating
via gnutls_reauth().

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c
index 39565de6d2..e9940e79cb 100644
--- a/tests/tls13/post-handshake-with-cert.c
+++ b/tests/tls13/post-handshake-with-cert.c
@@ -234,6 +234,11 @@ static void server(int fd, int err, int type, unsigned max_auths)
 	if (ret != 0)
 		fail("handshake failed: %s\n", gnutls_strerror(ret));
 
+	if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) {
+		fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n");
+	}
+
+
 	if (client_hello_ok == 0) {
 		fail("server: did not verify the client hello\n");
 	}
diff --git a/tests/tls13/post-handshake-without-cert.c b/tests/tls13/post-handshake-without-cert.c
index 4ee821b413..827fbc8495 100644
--- a/tests/tls13/post-handshake-without-cert.c
+++ b/tests/tls13/post-handshake-without-cert.c
@@ -193,6 +193,9 @@ static void server(int fd)
 		}
 	} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 
+	if ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) {
+		fail("server: session flags did contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n");
+	}
 
 	if (server_hello_ok == 0) {
 		fail("server: did not verify the server hello contents\n");