Fix channel binding test

This doesn't feel quite right, but it does work.

Signed-off-by: Paul Arthur <[email protected]>

lib/client.c

@@ -797,6 +797,9 @@ int sasl_client_start(sasl_conn_t *conn,
 
 	    myflags = conn->props.security_flags;
 
+	    /* not a real security flag */
+	    myflags &= ~SASL_SEC_NONSTD_CBIND;
+
 	    /* if there's an external layer with a better SSF then this is no
 	     * longer considered a plaintext mechanism
 	     */

lib/server.c

@@ -1315,6 +1315,9 @@ static int mech_permitted(sasl_conn_t *conn,
     /* special case plaintext */
     myflags = conn->props.security_flags;
 
+    /* not a real security flag */
+    myflags &= ~SASL_SEC_NONSTD_CBIND;
+
     /* if there's an external layer this is no longer plaintext */
     if ((conn->props.min_ssf <= conn->external.ssf) && 
 	(conn->external.ssf > 1)) {

tests/runtests.py

@@ -406,7 +406,7 @@ def gssapi_tests(testdir):
     print('    ', end='')
     err += gssapi_channel_binding_test(kenv)
 
-    print('GSSAPI CHANNEL BINDING MISMTACH:')
+    print('GSSAPI CHANNEL BINDING MISMATCH:')
     print('    ', end='')
     err += gssapi_channel_binding_mismatch_test(kenv)
 

tests/t_gssapi_cli.c

@@ -163,6 +163,9 @@ int main(int argc, char *argv[])
 
     if (cb.name) {
         sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);
+        sasl_security_properties_t secprops = { 0 };
+        secprops.security_flags = SASL_SEC_NONSTD_CBIND;
+        sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
     }
 
     if (spnego) {

tests/t_gssapi_srv.c

@@ -166,6 +166,9 @@ int main(int argc, char *argv[])
 
     if (cb.name) {
         sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);
+        sasl_security_properties_t secprops = { 0 };
+        secprops.security_flags = SASL_SEC_NONSTD_CBIND;
+        sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
     }
 
     if (plain) {