Let me come back to the mail from Paul Connolly. I tested DIGEST-MD5 from Authen-SASL 2.05 against OpenLDAP (using cyrus-sasl2 as server-side SASL implementation) and can confirm Paul's findings.
I also checked against RFC2831 as well as the newer draft in the cyrus-sasl2
package. Both say:
- the server sends a quoted list of comma-separated qop-values,
  e.g. qop="auth,auth-int,auth-conf"
- the client sends back one of the elements received from the server,
  e.g. qop=auth
So Paul's fixes match the RFCs.
(If I understand the RFCs and the code correctly, he is even right in saying
that the client sending qop values auth-int and auth-conf is not supported in
the code.)
I have converted his fixes into unified diff format and added a patch for the
test, which I append to this mail.
Would you mind applying this patch to Authen-SASL and releasing a new version?
Sure, this is great. Thanks.
If anyone, who has more understanding of DIGEST-MD5 than I, has any time and feels like expanding the testcase to cover more scenarios then I would be very grateful.
Graham.
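
The qop negotiation described in this thread, as an added example that is not part of the original mails or of Authen-SASL: a Python sketch that parses a server challenge, keeps the commas inside the quoted qop list intact, and answers with a single unquoted value the server actually offered. The function names and the sample challenge are constructed for illustration; rejecting a repeated qop directive is this example's choice.

```python
import re

# One directive: key=token or key="quoted string" (simplified RFC 2831 grammar).
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)=(?:"((?:[^"\\]|\\.)*)"|([^",\s]*))\s*(?:,|$)')

# Constructed sample challenge, not captured from a real server.
SAMPLE = ('realm="example.org",nonce="OA6MG9tEQGm2hh",'
          'qop="auth,auth-int,auth-conf",charset=utf-8,algorithm=md5-sess')


def parse_challenge(challenge):
    """Split a digest-challenge into {key: [values]}; quoted commas stay in the value."""
    directives, pos = {}, 0
    while pos < len(challenge):
        m = _DIRECTIVE.match(challenge, pos)
        if not m:
            raise ValueError("malformed directive at offset %d" % pos)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        value = re.sub(r'\\(.)', r'\1', value)  # undo quoted-pair escapes
        directives.setdefault(m.group(1).lower(), []).append(value)
        pos = m.end()
    return directives


def offered_qops(directives):
    """Return the list of qop-values the server offered."""
    values = directives.get("qop")
    if values is None:
        return ["auth"]  # the qop directive is optional and defaults to "auth"
    if len(values) != 1:
        raise ValueError("qop directive repeated")  # this example's choice
    return [q.strip().lower() for q in values[0].split(",") if q.strip()]


def choose_qop(challenge, supported=("auth",)):
    """Pick the first client-preferred qop that the server also offered."""
    offered = offered_qops(parse_challenge(challenge))
    for qop in supported:
        if qop in offered:
            return qop
    # Never fall back to a value the server did not list.
    raise ValueError("no mutually supported qop in %r" % (offered,))


def qop_response_directive(challenge, supported=("auth",)):
    """Format the client's answer: exactly one value, unquoted."""
    return "qop=" + choose_qop(challenge, supported)


if __name__ == "__main__":
    print(qop_response_directive(SAMPLE))
```
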
