help-gsasl

Re: gsasl - digest-md5 question.


From: Simon Josefsson
Subject: Re: gsasl - digest-md5 question.
Date: Mon, 30 Mar 2009 20:58:53 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux)

Andery Melnikov <address@hidden> writes:

> 2009/3/25 Simon Josefsson <address@hidden>:
> [....]
>>>>>>> http://daily.josefsson.org/gsasl/gsasl-20090318.tar.gz
>>>>>>
>>>>>> Sorry, the correct link is:
>>>>>>
>>>>>> http://daily.josefsson.org/gsasl/gsasl-20090319.tar.gz
>>>>>
>>>>> Now, client<-->server communication always uses qop=auth-int, and this
>>>>> completely breaks internal jabberd communication.
>>>>
>>>> The point of the new properties GSASL_QOP and GSASL_QOPS is that you can
>>>> request that the client and server DIGEST-MD5 code only use qop=auth if
>>>> you want.  Doesn't this work for you?
>>>>
>>>> When your callback is called for the GSASL_QOP property, do:
>>>>
>>>>        gsasl_property_set (sctx, GSASL_QOP, "qop-auth");
>>>>        return GSASL_OK;
>>>
>>> Yes, this works now. Thanks.
>> Great!
> Hmm.. Maybe I'm stupid - but this does not work on another machine.
> The client always sends qop=auth,auth-int,

I don't follow -- in DIGEST-MD5 the server sends a list of qop's and the
client picks one of them.  The client cannot send more than one qop.

> the server runs the callback where I set the property for auth, and
> nothing. The client always gets a successful auth with qop=auth-int.  Can you
> check this?

I can't reproduce it.  The gsasl 1.1 DIGEST-MD5 server defaults to only
sending qop=auth.  You need to set the GSASL_QOPS property explicitly to
request qop=auth-int with gsasl 1.1.

Are you sure gsasl 1.1 is used?  Maybe run ldconfig to make it pick up a
new libgsasl.so?  Maybe your code really uses gsasl 1.0 or earlier.  Use
puts(gsasl_check_version(NULL)) to check.

/Simon
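
To see which qop a DIGEST-MD5 server really advertises and which one the client picked, as discussed in this message, the decoded challenge and response can be compared directly. The following is an added example, not part of the original message and not gsasl code; the function names and the sample messages are assumptions constructed for illustration, and the inputs are assumed to be already base64-decoded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy directive `name` from an RFC 2831 list (key=value or key="a,b") into
   out; returns 1 if found. Backslash escapes in quoted values are ignored. */
static int get_directive(const char *p, const char *name, char *out, size_t sz)
{
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        size_t klen = (size_t)(p - key);
        if (*p != '=') continue;            /* token without '=': skip */
        int quoted = (*++p == '"');
        if (quoted) p++;
        const char *val = p;
        while (*p && *p != (quoted ? '"' : ',')) p++;
        int vlen = (int)(p - val);
        if (quoted && *p) p++;              /* step over closing quote */
        if (klen == strlen(name) && strncmp(key, name, klen) == 0) {
            snprintf(out, sz, "%.*s", vlen, val);
            return 1;
        }
    }
    return 0;
}

/* 1 if the response's qop is among the challenge's offered qops; missing qop = "auth". */
int qop_consistent(const char *chal, const char *resp, char *chosen, size_t sz)
{
    char offered[64];
    if (!get_directive(chal, "qop", offered, sizeof offered)) strcpy(offered, "auth");
    if (!get_directive(resp, "qop", chosen, sz)) snprintf(chosen, sz, "auth");
    for (char *t = strtok(offered, ", "); t; t = strtok(NULL, ", "))
        if (strcmp(t, chosen) == 0) return 1;
    return 0;
}

/* Constructed, already base64-decoded sample messages (not captured traffic). */
static const char CHAL_AUTH[] = "realm=\"example.org\",nonce=\"c2FtcGxl\",qop=\"auth\",algorithm=md5-sess";
static const char RESP_INT[] = "username=\"alice\",nonce=\"c2FtcGxl\",nc=00000001,qop=auth-int";

int main(void)
{
    char q[32];
    int ok = qop_consistent(CHAL_AUTH, RESP_INT, q, sizeof q);
    printf("client chose qop=%s, offered by server: %s\n", q, ok ? "yes" : "no");
    return 0;
}
```

A result of "no" for a session that nevertheless authenticated would mean the challenge being inspected is not the one the client answered, for example because a different library version generated it.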



