On Thu, 24 Dec 2020, Simon Josefsson via curl-library wrote:

Hi Simon!

Thanks for contributing to curl!

> I am looking for feedback and review of a patch that implements support for SCRAM-SHA-1 in curl via libgsasl:
>
> https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram

We generally prefer if you just go ahead and submit it as a pull request, so that it gets scrutinized by the tools first and then human review on github.

> Is it okay to pass strings allocated by libgsasl back for later free() by libcurl? Some platforms used to have separate heap managers for different contexts, but I don't know if this is still a concern for libcurl. If so, the newly allocated strings received from libgsasl could be re-allocated and the libgsasl strings deallocated immediately.

It is still a concern. Windows is the one platform that still has that widespread use of different heap managers in different parts and Windows users make up a significant user share in curl land.

> I don't know how to add self-tests -- can anyone explain how the existing CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?

I believe Steve Holme would be the best guy to explain this, but he's been "laying low" recently.

There seem to be 10 existing tests that use CRAM-MD5 (I just grepped for "CRAM-MD5" in tests/data/), for IMAP and SMTP. They basically make sure that the test server claims to support the auth mechanisms and then verifies that the correct protocol strings were exchanged when the mails were retrieved or sent. I think it would make sense to copy the setup from one or more of those and just adapt to SHA-1?

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://www.wolfssl.com/contact/
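
The copy-and-release approach raised in the message above, as an added example that is not part of the original mail and is not curl or libgsasl code. The names lib_alloc, lib_free, lib_step, app_step and lib_outstanding are hypothetical stand-ins, and the SCRAM-style input string used with them is constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a library that owns its own heap (the role
   libgsasl plays in the thread). Its pointers are offset into the real
   block, so handing one to plain free() would be invalid, just as it is
   across two heap managers. lib_live counts its outstanding buffers. */
typedef union { max_align_t align; } hdr_t;
static int lib_live = 0;

static void *lib_alloc(size_t n) {
  hdr_t *h = malloc(sizeof *h + n);
  if(!h) return NULL;
  lib_live++;
  return h + 1;
}

/* The library's own deallocator: the only valid way to release its buffers. */
void lib_free(void *p) {
  if(!p) return;
  lib_live--;
  free((hdr_t *)p - 1);
}

/* Library call that hands back a library-allocated string. */
int lib_step(const char *in, char **out) {
  size_t n = strlen(in) + 1;
  *out = lib_alloc(n);
  if(!*out) return -1;
  memcpy(*out, in, n);
  return 0;
}

/* Application side: copy into the application's heap, then release the
   library buffer immediately with the library's deallocator. The caller
   only ever sees memory it may pass to its own free(). */
int app_step(const char *in, char **out) {
  char *tmp = NULL, *copy;
  size_t n;
  *out = NULL;
  if(lib_step(in, &tmp)) return -1;
  n = strlen(tmp) + 1;
  copy = malloc(n);
  if(copy) memcpy(copy, tmp, n);
  lib_free(tmp);               /* released on every path, success or not */
  *out = copy;
  return copy ? 0 : -1;
}

int lib_outstanding(void) { return lib_live; }
```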