GSASL channel-binding: TLS resumption checks

[users/jgh/exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index bee5a4256e7ff57b11388c7b95e7a922ff678bd1..d16479e5806a3627a0b611cbdab5d748628d48f0 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2784,6 +2784,7 @@ if (SSL_session_reused(server_ssl))
 /* TLS has been set up. Record data for the connection,
 adjust the input functions to read via TLS, and initialize things. */
 
+tls_in.ext_master_secret = SSL_get_extms_support(server_ssl) == 1;
 peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
 
 tls_in.ver = tlsver_name(server_ssl);
@@ -3384,6 +3385,7 @@ DEBUG(D_tls)
 tls_client_resume_posthandshake(exim_client_ctx, tlsp);
 #endif
 
+tlsp->ext_master_secret = SSL_get_extms_support(exim_client_ctx->ssl) == 1;
 peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
 
 tlsp->ver = tlsver_name(exim_client_ctx->ssl);