From: Howard Chu
Date: Sat, 7 Sep 2013 16:38:47 +0000 (-0700)
Subject: Add GnuTLS channel binding support
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=3e100bb54dcff1596296319322f4d73f2730f3e5;p=openldap
Add GnuTLS channel binding support
---
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 4cfc32b25e..9acffaf735 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -785,6 +785,22 @@ tlsg_session_strength( tls_session *session )
 static int
 tlsg_session_unique( tls_session *sess, struct berval *buf, int is_server)
 {
+/* channel bindings added in 2.12.0 */
+#if GNUTLS_VERSION_NUMBER >= 0x020c00
+ tlsg_session *s = (tlsg_session *)sess;
+ gnutls_datum_t cb;
+ int rc;
+
+ rc = gnutls_session_channel_binding( s->session, GNUTLS_CB_TLS_UNIQUE, &cb );
+ if ( rc == 0 ) {
+ int len = cb.size;
+ if ( len > buf->bv_len )
+ len = buf->bv_len;
+ buf->bv_len = len;
+ memcpy( buf->bv_val, cb.data, len );
+ return len;
+ }
+#endif
 return 0;
 }
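Review bot: In tlsg_session_unique the data returned by gnutls_session_channel_binding() is silently truncated when cb.size exceeds buf->bv_len, and the shortened length is returned as if it were a valid tls-unique value; a truncated binding no longer identifies the channel, so the safer behaviour is to copy nothing and return 0, which this function already uses for "no binding". The same block never releases cb.data; as far as I know GnuTLS allocates that datum for the caller, so it should be released with gnutls_free() after the copy, which is worth confirming against the GnuTLS versions the #if guard admits. The check `len > buf->bv_len` also compares an int with what is presumably an unsigned ber_len_t, which the rewrite below avoids by comparing the two unsigned sizes directly. The callers that size buf are outside this hunk, so whether a too-small buffer can occur in practice is not visible here.

```c
	/* … unchanged: #if guard and declarations of s, cb, rc … */
	rc = gnutls_session_channel_binding( s->session, GNUTLS_CB_TLS_UNIQUE, &cb );
	if ( rc == 0 ) {
		int len = 0;
		/* refuse rather than truncate: a shortened value is not the channel binding */
		if ( cb.size <= buf->bv_len ) {
			len = cb.size;
			buf->bv_len = len;
			memcpy( buf->bv_val, cb.data, len );
		}
		gnutls_free( cb.data );
		return len;
	}
```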