From 7fb5bdb5742155404bfea959730631b1686f7db4 Mon Sep 17 00:00:00 2001
From: Stefan Becker <chemobejk@gmail.com>
Date: Fri, 6 Dec 2013 22:49:17 +0200
Subject: [PATCH] security: SPNEGO requires GSS_C_MUTUAL_FLAG

With this flag set the server sends us a non-empty final SPNEGO packet
for Kerberos and we can successfully complete our security context.

That should complete our GSSAPI SPNEGO implementation.
---
 src/core/sip-sec-gssapi.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/core/sip-sec-gssapi.c b/src/core/sip-sec-gssapi.c
index cc89bb62..4b810390 100644
--- a/src/core/sip-sec-gssapi.c
+++ b/src/core/sip-sec-gssapi.c
@@ -528,10 +528,12 @@ sip_sec_init_sec_context__gssapi(SipSecContext context,
 			g_strfreev(type_service);
 
 			name_oid = (gss_OID) GSS_C_NT_HOSTBASED_SERVICE;
-			if (context->flags & SIP_SEC_FLAG_GSSAPI_NEGOTIATE_FALLBACK)
+			if (context->flags & SIP_SEC_FLAG_GSSAPI_NEGOTIATE_FALLBACK) {
 				mech_oid = (gss_OID) &gss_mech_ntlmssp;
-			else
+			} else {
 				mech_oid = (gss_OID) &gss_mech_spnego;
+				flags |= GSS_C_MUTUAL_FLAG;
+			}
 		}
 		break;
 
-- 
2.11.4.GIT