From ff2f20bbc039ad8e362ead199366e21bc41f18ed Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 1 Dec 2017 13:16:07 +0200
Subject: [PATCH] lib-auth: Add AUTH_REQUEST_FLAG_TLS

Indicates whether connection is over TLS encryption.
---
 src/lib-auth/auth-client-request.c | 7 ++++++-
 src/lib-auth/auth-client.h         | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index abcd1709ea..576843e205 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -34,8 +34,13 @@ static void auth_server_send_new_request(struct auth_server_connection *conn,
 
 	if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
 		str_append(str, "\tfinal-resp-ok");
-	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
+	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) {
 		str_append(str, "\tsecured");
+		if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0)
+			str_append(str, "=tls");
+	} else {
+		i_assert((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) == 0);
+	}
 	if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
 		str_append(str, "\tno-penalty");
 	if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h
index dba7a2cfe0..99bc604210 100644
--- a/src/lib-auth/auth-client.h
+++ b/src/lib-auth/auth-client.h
@@ -15,7 +15,9 @@ enum auth_request_flags {
 	/* Support final SASL response */
 	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP	= 0x08,
 	/* Enable auth_debug=yes logging for this request */
-	AUTH_REQUEST_FLAG_DEBUG			= 0x10
+	AUTH_REQUEST_FLAG_DEBUG			= 0x10,
+	/* If TLS was used */
+	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20,
 };
 
 enum auth_request_status {