Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: SCRAM-SHA-1 support via libgsasl
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 25 Dec 2020 16:38:26 +0100 (CET)
On Thu, 24 Dec 2020, Simon Josefsson via curl-library wrote:
Hi Simon!
Thanks for contributing to curl!
> I am looking for feedback and review of a patch that implement support for
> SCRAM-SHA-1 in curl via libgsasl:
>
> https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram
We generally prefer if you just go ahead and submit it as a pull request, so
that it gets scrutinized by the tools first and then human review on github.
> Is it okay to pass strings allocated by libgsasl back for later free() by
> libcurl? Some platforms used to have separate heap managers for different
> context, but I don't know if this is still a concern for libcurl. If so,
> the newly allocated strings received from libgsasl could be re-allocated and
> the libgsasl strings deallocated immediately.
It is still a concern. Windows is the one platform that still has that
widespread use of different heap managers in different parts and Windows users
make up a significant user share in curl land.
> I don't know how to add self-tests -- can anyone explain how the existing
> CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?
I believe Steve Holme would be the best guy to explain this, but he's been
"laying low" recently.
There seems to be 10 existing tests that use CRAM-MD5 (I just grepped for
"CRAM-MD5" in tests/data/), for IMAP and SMTP. They basically make sure that
the test server claims to support the auth mechanisms and then verifies that
the correct protocol strings were exchanged when the mails were retrieved or
sent. I think it would make sense to copy the setup from one or more of those
and just adapt to SHA-1 ?
Date: Fri, 25 Dec 2020 16:38:26 +0100 (CET)
On Thu, 24 Dec 2020, Simon Josefsson via curl-library wrote:
Hi Simon!
Thanks for contributing to curl!
> I am looking for feedback and review of a patch that implement support for
> SCRAM-SHA-1 in curl via libgsasl:
>
> https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram
We generally prefer if you just go ahead and submit it as a pull request, so
that it gets scrutinized by the tools first and then human review on github.
> Is it okay to pass strings allocated by libgsasl back for later free() by
> libcurl? Some platforms used to have separate heap managers for different
> context, but I don't know if this is still a concern for libcurl. If so,
> the newly allocated strings received from libgsasl could be re-allocated and
> the libgsasl strings deallocated immediately.
It is still a concern. Windows is the one platform that still has that
widespread use of different heap managers in different parts and Windows users
make up a significant user share in curl land.
> I don't know how to add self-tests -- can anyone explain how the existing
> CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?
I believe Steve Holme would be the best guy to explain this, but he's been
"laying low" recently.
There seems to be 10 existing tests that use CRAM-MD5 (I just grepped for
"CRAM-MD5" in tests/data/), for IMAP and SMTP. They basically make sure that
the test server claims to support the auth mechanisms and then verifies that
the correct protocol strings were exchanged when the mails were retrieved or
sent. I think it would make sense to copy the setup from one or more of those
and just adapt to SHA-1 ?
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://www.wolfssl.com/contact/ ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2020-12-25