Opened 7 years ago

Closed 7 years ago

#5622 closed enhancement (fixed)

Support SCRAM-SHA-1 SASL mechanism

Reported by: dave cridland
Owned by: Dave Cridland
Priority: normal
Milestone: 0.14
Component: None
Version:
Severity: normal
Keywords:
Cc:
Blocked By:
Blocking:
OS: All

Description

Problem

Gajim doesn't support SCRAM, which will be the new MTI.

Analysis

Implement it.

Enhancement recommendation

Steal my implementation and butcher it into auth_nb.py

Attachments (1)

gajim-scram.patch (5.2 KB) - added by Dave Cridland 7 years ago.
Implements basic SCRAM-SHA-1 (no channel binding)


Change History (3)

Changed 7 years ago by Dave Cridland

Implements basic SCRAM-SHA-1 (no channel binding)

comment:1 Changed 7 years ago by Dave Cridland

  • Owner set to Dave Cridland
  • Status changed from new to assigned

I'd note that a couple of things are missing from this patch:

1) Mutual authentication isn't done - it's also missing for DIGEST-MD5 entirely, so I doubt this is a blocker.

It is done if the server sends the server proof in a <challenge/> - which is silly, but we do it. If the proof is invalid, though, I just do 'raise "Hell"', which ought to be corrected to dropping the connection and alerting the user.

2) Channel binding isn't done.

I do have the code to do this, as well, with PyOpenSSL, but I have a feeling that some cases required a patched PyOpenSSL. I'll dig out the patches and submit them. (Again).
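
The mutual-authentication step discussed in comment:1, as an added example that is not part of the ticket or of the attached Gajim patch: a client computes its proof and the expected ServerSignature, then rejects the server-final-message with a typed exception the caller can turn into a dropped connection and a user alert. The function and class names are hypothetical, SASLprep normalization is omitted, no channel binding is used (gs2 header `n,,`), and the sample messages are the example exchange from RFC 5802 section 5.

```python
import base64, hashlib, hmac

# Example exchange from RFC 5802 section 5 (user "user", password "pencil").
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
SERVER_FINAL = "v=rmF9pqV8S7suAoZWja4dJRkFsKQ="

class ServerProofError(Exception):
    """The server did not prove knowledge of the stored credentials."""

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def parse_attrs(message):
    # SCRAM messages are comma-separated "k=v" attributes; values may contain "=".
    return dict(part.split("=", 1) for part in message.split(","))

def client_final(password, client_first_bare, server_first, gs2_header="n,,"):
    """Return (client-final-message, expected ServerSignature bytes)."""
    attrs = parse_attrs(server_first)
    client_nonce = parse_attrs(client_first_bare)["r"]
    # The combined nonce must extend the nonce this client generated.
    if not (attrs["r"].startswith(client_nonce) and len(attrs["r"]) > len(client_nonce)):
        raise ServerProofError("server nonce does not extend client nonce")
    # Assumption: password is already SASLprep-normalized (plain ASCII here).
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                                 base64.b64decode(attrs["s"]), int(attrs["i"]))
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    without_proof = "c=%s,r=%s" % (base64.b64encode(gs2_header.encode()).decode(), attrs["r"])
    auth_message = ",".join([client_first_bare, server_first, without_proof]).encode()
    proof = bytes(a ^ b for a, b in zip(client_key, _hmac(stored_key, auth_message)))
    expected_server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return without_proof + ",p=" + base64.b64encode(proof).decode(), expected_server_sig

def verify_server_final(server_final, expected_server_sig):
    """Return True only if the server's "v=" value matches; raise otherwise."""
    try:
        received = base64.b64decode(parse_attrs(server_final)["v"], validate=True)
    except (ValueError, KeyError):
        # Covers "e=..." error replies, a missing "v", and bad base64.
        raise ServerProofError("missing or malformed server signature") from None
    # Constant-time comparison of the received and locally derived signatures.
    if not hmac.compare_digest(received, expected_server_sig):
        raise ServerProofError("server signature mismatch")
    return True
```

A caller would catch `ServerProofError`, close the stream, and report the failure to the user instead of continuing the session.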

comment:2 Changed 7 years ago by Yann Leboulanger <asterix@…>

  • Milestone set to 0.14
  • Resolution set to fixed
  • Status changed from assigned to closed

(In [2593c6a02d88]) [Dave Cridland] basic SCRAM-SHA-1 implementation (no channel binding). Fixes #5622
