help-gsasl

scram-sha-1-plus


From: Jeremy Harris
Subject: scram-sha-1-plus
Date: Fri, 27 Dec 2019 16:03:05 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2

Problem:
  gsasl_client_start(gsasl_ctx, "SCRAM-SHA-1-PLUS", &sctx)

fails with GSASL_NO_CB_TLS_UNIQUE.  But you can't provide that
prop until you have the sctx.

What is the expected sequence of calls?


As far as I can see from the example utility code, you have to
provide _a_ prop during some callbacks that happen when the
callback is first provided, back at just after gsasl_init()
is called.

The prop is then presumably set on some irrelevant sctx, which
happens by luck to still be around during the processing of
gsasl_client_start().  You can then override the prop by
another setting, using the real channel-binding (which I
only obtain between gsasl_init() and gsasl_client_start(),
having only just made the TCP and TLS connection) on the
then-legitimate sctx.

I have it operational, but it feels fragile.
-- 
Cheers,
  Jeremy


