[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Channel binding being attempted even when SCRAM PLUS not advertized
|
From: |
Simon Josefsson |
|
Subject: |
Re: Channel binding being attempted even when SCRAM PLUS not advertized |
|
Date: |
Tue, 16 Aug 2022 19:09:34 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Manvendra Bhangui <mbhangui@gmail.com> writes:
> I'm yet to merge the PR for SCRAM-*-PLUS into master and build the
> docker image. The next release will have gsasl and support
> tls-exporter. Hopefully it should be out before the end of this month.
>
> The PR which has tls-exporter is
> https://github.com/mbhangui/indimail-mta/pull/33
> The docker images are at
> https://hub.docker.com/r/cprogrammer/indimail-mta
> and
> https://github.com/mbhangui?tab=packages
Thank you for the links! I'll try it once you made the release.
We have CI/CD with interop of SCRAM/GSSAPI/GS2 between 'gsasl' as a
client and Dovecot and GNU MailUtils server-side, and various
combinations of Heimdal, MIT Kerberos, Libgssglue and GNU GSS:
https://gitlab.com/gsasl/gsasl/-/pipelines
Doing CI/CD interop of SCRAM-PLUS (tls-unique and tls-exporter) is still
missing though, I'd like to add both indimail-mta and mailutils somehow.
> For the PLUS variant it took me almost a week before I discovered the
> openssl functions
> SSL_get_peer_finished() and SSL_export_keying_material().
>
> Now it works like a charm with gsasl.
Nice! Interop testing this with gsasl's use of GnuTLS APIs would be
awesome..
/Simon
signature.asc
Description: PGP signature