From 3e100bb54dcff1596296319322f4d73f2730f3e5 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 09:38:47 -0700
Subject: [PATCH] Add GnuTLS channel binding support

---
 libraries/libldap/tls_g.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 4cfc32b25e..9acffaf735 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -785,6 +785,22 @@ tlsg_session_strength( tls_session *session )
 static int
 tlsg_session_unique( tls_session *sess, struct berval *buf, int is_server)
 {
+/* channel bindings added in 2.12.0 */
+#if GNUTLS_VERSION_NUMBER >= 0x020c00
+	tlsg_session *s = (tlsg_session *)sess;
+	gnutls_datum_t cb;
+	int rc;
+
+	rc = gnutls_session_channel_binding( s->session, GNUTLS_CB_TLS_UNIQUE, &cb );
+	if ( rc == 0 ) {
+		int len = cb.size;
+		if ( len > buf->bv_len )
+			len = buf->bv_len;
+		buf->bv_len = len;
+		memcpy( buf->bv_val, cb.data, len );
+		return len;
+	}
+#endif
 	return 0;
 }
 
-- 
2.39.5