From 93cc44b19242819a32b29a381d220e96a3c0fc41 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 27 Jun 2018 13:41:13 +0200 Subject: gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH This allows a server application to detect whether the client would support post handshake authentication or not without initiating via gnutls_reauth(). Signed-off-by: Nikos Mavrogiannopoulos --- lib/tls13/post_handshake.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/tls13') diff --git a/lib/tls13/post_handshake.c b/lib/tls13/post_handshake.c index 9543ca896e..b12c0ba221 100644 --- a/lib/tls13/post_handshake.c +++ b/lib/tls13/post_handshake.c @@ -219,7 +219,9 @@ int _gnutls13_reauth_server(gnutls_session_t session) * When this function is called under TLS1.2 or earlier or the peer didn't * advertise post-handshake auth, it always fails with * %GNUTLS_E_INVALID_REQUEST. The verification of the received peers certificate - * is delegated to the session or credentials verification callbacks. + * is delegated to the session or credentials verification callbacks. A + * server can check whether post handshake authentication is supported + * by the client by checking the session flags with gnutls_session_get_flags(). * * Prior to calling this function in server side, the function * gnutls_certificate_server_set_request() must be called setting expectations -- cgit v1.2.1
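Review bot: The two added comment lines in the lib/tls13/post_handshake.c hunk (@@ -219,7 +219,9) send the reader to gnutls_session_get_flags() without naming the flag to test. The subject line says this commit introduces GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH, so the sentence should spell it out, for example "... by checking for %GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH in the value returned by gnutls_session_get_flags()", using the same % markup the comment already uses for %GNUTLS_E_INVALID_REQUEST. It would also help to say that this check lets a server avoid the %GNUTLS_E_INVALID_REQUEST failure described two lines above, since that is the practical reason to call it first. A minor style point: the existing text writes "post-handshake auth" with a hyphen, while the new lines write "post handshake authentication"; pick one spelling within the comment. The flag definition and the code that sets it are not part of this view (the diffstat is limited to lib/tls13), so they need to be checked separately against this wording.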