Re: SCRAM-SHA-1 support in GSASL

[Simon Josefsson]

Lothar May <address@hidden> writes:

> Simon,
>
> thank you for the quick reply!
>
> 2010/3/22 Simon Josefsson <address@hidden>:
> [...]
>>> Great, thanks! I've also updated to the latest version of gsasl. Is
>>> SCRAM compatible to the first release in 1.2?
>>
>> It should be -- except that versions earlier than 1.4.2 have bugs that
>> may lead to crashes.  There is a fix in master for SCRAM which you may
>> want too.  I'm thinking of releasing v1.4.3 with that fix in it, but I'm
>> trying to get to v1.6.0 that would introduce GS2-KRB5 support too.
>> GS2-KRB5 is working now, but I need to polish some details.
>
> Well I can use any latest release on Windows, but on Linux we're tied
> to whichever version the system has installed ;-).

I understand.  1.4.2 is in debian unstable right now, 1.4.0 is in debian
testing and ubuntu, dunno about other distributions.

> With the new GS2-KRB5 - do you mean this one?
> http://tools.ietf.org/html/draft-ietf-sasl-gs2-20

Yes, or http://www.rfc-editor.org/authors/rfc5801.txt, although not
quite final yet.

> [...]
>>> Oh well... Does anyone know how I can use a user name containing utf8
>>> characters without prior conversion?
>>
>> If you use non-ascii strings, you need to build Libidn and link GNU SASL
>> to it as well -- GNU SASL will reject any non-ascii strings when Libidn
>> is not enabled.  You could hack around this in lib/src/saslprep.c if you
>> want, but (of course) then you aren't fully SCRAM standards compliant.
>
> Oh OK that is the cause of the problem. Is there any chance that I can
> use the prebuilt mingw gsasl with libidn?

The prebuilt mingw gsasl are built with --without-stringprep.  I enabled
libidn for the build and it went fine, so please test these:

http://josefsson.org/gnutls4win/gsasl-1.4.2-idn.zip
http://josefsson.org/gnutls4win/gsasl-1.4.2-idn.zip.sig
http://josefsson.org/gnutls4win/mingw32-gsasl_1.4.2-idn-1_all.deb

Future gsasl4win builds will use libidn too.

/Simon