From e3cc024e38e2b4632584f85223160b88f4583979 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Tue, 1 May 2018 18:54:09 +0100
Subject: [PATCH] Don't periodically check GSS creds in non-GSS mode.

The 2-minutely check to see whether new GSS credentials need to be
forwarded to the server is pointless if we're not even in the mode
where we _have_ forwarded a previous set.

This was made obvious by the overly verbose diagnostic fixed in the
previous commit, so it's a good thing that bug was temporarily there!
---
 ssh.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssh.c b/ssh.c
index 3c0bd133..4458c7a1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -12030,7 +12030,12 @@ static int ssh2_timer_update(Ssh ssh, unsigned long rekey_time)
     }
 
 #ifndef NO_GSSAPI
-    {
+    if (ssh->gss_kex_used) {
+        /*
+         * If we've used GSSAPI key exchange, then we should
+         * periodically check whether we need to do another one to
+         * pass new credentials to the server.
+         */
         unsigned long gssmins;
 
         /* Check cascade conditions more frequently if configured */