Martin Lambers <[email protected]> writes: >>From your analysis, it seems that SCRAM-SHA-1 needs the same exception > rule that DIGEST-MD5 needs, so the attached patch might fix the problem. > Would you please test it? ... > - /* For DIGEST-MD5, we need to send an empty answer to the last 334 > - * response before we get 235. */ > - if (strcmp(auth_mech, "DIGEST-MD5") == 0) > + /* For DIGEST-MD5 and SCRAM-SHA-1, we need to send an empty answer to the > + * last response before we get an OK. */ > + if (strcmp(auth_mech, "DIGEST-MD5") == 0 > + || strcmp(auth_mech, "SCRAM-SHA-1") == 0)
This looks a bit strange -- it shouldn't special-case SASL mechanisms, but just use the normal SASL state machine. You can use the return value from gsasl_step function to guide you when to quit the loop, although you need to observe that each challenge has a response. This is just an initial reaction, I haven't studied the code in more detail. /Simon ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ mpop-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mpop-users
