Hi,

I am looking for feedback and review of a patch that implements support
for SCRAM-SHA-1 in curl via libgsasl:

https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram

Is it okay to pass strings allocated by libgsasl back for later free()
by libcurl?  Some platforms used to have separate heap managers for
different contexts, but I don't know if this is still a concern for
libcurl.  If so, the newly allocated strings received from libgsasl
could be re-allocated and the libgsasl strings deallocated immediately.

I don't know how to add self-tests -- can anyone explain how the
existing CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?

Sample output from a successful SCRAM-SHA-1 authentication against a
Dovecot server:

jas@latte:~/src/curl-jas$ src/curl -v imap://jas:se...@xxx.xxx.xxx.xxx
*   Trying xxx.xxx.xxx.xxx:143...
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 143 (#0)
< * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ 
STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1 
AUTH=SCRAM-SHA-256 AUTH=NTLM AUTH=RPA AUTH=ANONYMOUS AUTH=EXTERNAL 
AUTH=XOAUTH2] Dovecot (Debian) ready.
> A001 CAPABILITY
< * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ 
STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=SCRAM-SHA-1 
AUTH=SCRAM-SHA-256 AUTH=NTLM AUTH=RPA AUTH=ANONYMOUS AUTH=EXTERNAL AUTH=XOAUTH2
< A001 OK Pre-login capabilities listed, post-login capabilities have more.
> A002 AUTHENTICATE SCRAM-SHA-1 biwsbj1qYXMscj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWU=
< + 
cj1sU05HL2xvWUJMS0lvZjI0dlhnZkluOWV8SmVbT0tBI3M1WU5mT0A0NTI8YzZiJEAqfi1oXG0iaUxuRC0tXjlHZGAyZEtTV3NpJH5aXi5JJT1zPG9TUmE0LHM9MGhrNDUrNU5Qd1plakxqMGNWOWdRQT09LGk9NDA5Ng==
> Yz1iaXdzLHI9bFNORy9sb1lCTEtJb2YyNHZYZ2ZJbjllfEplW09LQSNzNVlOZk9ANDUyPGM2YiRAKn4taFxtImlMbkQtLV45R2RgMmRLU1dzaSR+Wl4uSSU9czxvU1JhNCxwPTJ0Z3pTZ29xY3Q3dHk3Q3Vac2tPckJ4bEFNcz0=
< + dj1xbmZoY3hPMXV3YWI0UHgwYlJPNHg1OHlVSm89
> 
< * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND 
URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED 
I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH 
LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE 
LITERAL+ NOTIFY SPECIAL-USE
< A002 OK Logged in
> A003 LIST "" *
< * LIST (\HasNoChildren) "/" INBOX
* LIST (\HasNoChildren) "/" INBOX
< A003 OK List completed (0.001 + 0.000 secs).
* Connection #0 to host xxx.xxx.xxx.xxx left intact
jas@latte:~/src/curl-jas$ 

/Simon
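
The SCRAM-SHA-1 exchange in the transcript above (client-first, server-first, client-final with proof, server-final with `v=`), worked through as an added example that is not part of the original message or of the curl/libgsasl patch. It uses the published RFC 5802 section 5 test vector rather than the values in the transcript, and shows the two checks a client must make: the server nonce extends its own, and the server signature matches. Assumptions: an ASCII password (SASLprep is skipped), no channel binding (GS2 header `n,,`, which is what `c=biws` encodes), and hypothetical function names.

```python
import base64, hashlib, hmac

# RFC 5802 section 5 test vector (user "user", password "pencil"); not from the transcript.
RFC_CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
RFC_SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
RFC_SERVER_FINAL = "v=rmF9pqV8S7suAoZWja4dJRkFsKQ="

def parse_attrs(msg):
    """Split a SCRAM message 'k=v,k=v' into a dict; values may contain '='."""
    return dict(part.split("=", 1) for part in msg.split(","))

def client_final(password, client_first_bare, server_first, gs2_header="n,,"):
    """Return (client-final-message, expected base64 ServerSignature)."""
    srv = parse_attrs(server_first)
    client_nonce = parse_attrs(client_first_bare)["r"]
    # The combined nonce must start with ours and add server entropy,
    # otherwise the reply is not bound to this exchange.
    if not srv["r"].startswith(client_nonce) or srv["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    # Hi() in RFC 5802 is PBKDF2-HMAC-SHA1 with a 20-byte output.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(),
                                 base64.b64decode(srv["s"]), int(srv["i"]))
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    cbind = base64.b64encode(gs2_header.encode()).decode()  # "biws" for "n,,"
    without_proof = f"c={cbind},r={srv['r']}"
    auth_msg = f"{client_first_bare},{server_first},{without_proof}".encode()
    client_sig = hmac.new(stored_key, auth_msg, hashlib.sha1).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    server_sig = hmac.new(server_key, auth_msg, hashlib.sha1).digest()
    return (f"{without_proof},p={base64.b64encode(proof).decode()}",
            base64.b64encode(server_sig).decode())

def verify_server_final(server_final, expected_sig):
    """True only if the server proved knowledge of the same salted password."""
    attrs = parse_attrs(server_final)
    return "v" in attrs and hmac.compare_digest(attrs["v"], expected_sig)

if __name__ == "__main__":
    msg, sig = client_final("pencil", RFC_CLIENT_FIRST_BARE, RFC_SERVER_FIRST)
    print(msg)
    print("server authenticated:", verify_server_final(RFC_SERVER_FINAL, sig))
```

In the transcript, the empty `>` line after the `+ dj1x...` challenge is the client's empty response to the server-final message; the signature check belongs before that response is sent.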
