|
| From: | Pawel Widera |
| Subject: | Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "charset=utf-8" in response |
| Date: | Sun, 8 Jun 2008 13:48:27 +0200 (CEST) |
On Wed, 4 Jun 2008, Simon Josefsson wrote:
I'm trying to understand whether changing the code to do the transformation on username and realm may cause problems for you if you have actual users with latin-1 username/realms. I suspect your problem was merely that gsasl aborted the authentication, not that latin-1 passwords were handled incorrectly. Could you test a patch if I make one?
AFAIU correctly, this is a separate issue. The previous case was about ASCII response and this one applies only if client response is UTF-8:
The "username-value", "realm-value" and "passwd" are encoded according to the value of the "charset" directive. If "charset=UTF-8" is present, and all the characters of either "username-value" or passwd" are in the ISO 8859-1 character set, then it must be converted to ISO 8859-1 before being hashed.
So, as I believe this two will have separate path in the code, there should be no interference here. I can do some tests but only locally.
| [Prev in Thread] | Current Thread | [Next in Thread] |