Hi,
I tried to test my FAST implementation in QXmpp
(https://github.com/qxmpp-project/qxmpp/pull/630)
and noticed that HT-SHA-256-NONE (without channel binding) does always fail and
I managed to fix
it, so here's the patch. :)
--
You received this message because you are subscribed to the Google Groups
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prosody-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/prosody-dev/20240607171413.0277e88a%40deimos.
# HG changeset patch
# User Linus Jahn <l...@kaidan.im>
# Date 1717772195 -7200
# Fri Jun 07 16:56:35 2024 +0200
# Node ID d1e88f7ff6398361090e2f9aec40ca142d3e2525
# Parent d4a8644a1cc5a904973e17b76934749b8b1f671d
mod_sasl2_fast: Fix authentication without channel binding
diff -r d4a8644a1cc5 -r d1e88f7ff639 mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Tue Jun 04 09:06:44 2024 +0200
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Fri Jun 07 16:56:35 2024 +0200
@@ -196,10 +196,10 @@
if not authc_username then
return "failure", "malformed-request";
end
- if not sasl_handler.profile.cb then
+ if cb_name and not sasl_handler.profile.cb then
module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
return "failure", "malformed-request";
- elseif not sasl_handler.profile.cb[cb_name] then
+ elseif cb_name and not sasl_handler.profile.cb[cb_name] then
module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
return "failure", "malformed-request";
end
