Ted Ross created PROTON-1008:
--------------------------------
Summary: Using a blank mech_list disables authentication
Key: PROTON-1008
URL: https://issues.apache.org/jira/browse/PROTON-1008
Project: Qpid Proton
Issue Type: Bug
Components: python-binding
Affects Versions: 0.11
Reporter: Ted Ross
Fix For: 0.11
This bug was introduced in commit
https://github.com/apache/qpid-proton/commit/14956b07edc3de93f67179c753bbedcd9eba51a6
If the client leaves allowed_mechs as None, the SASL protocol is not even
executed. I claim that allowed_mechs is used to restrict the set of acceptable
mechanisms. If it is None, then all available mechanisms may be used.
This bug causes a failure in the Qpid Dispatch test suite
(system_tests_qdstat). The failure is when the server requires authentication
and will accept EXTERNAL and the client has a valid client-certificate but
doesn't use the sasl protocol because qdstat doesn't (and can't) set the
allowed_mechs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
