Daniel Stenberg via curl-library <curl-library@cool.haxx.se> writes:

> On Thu, 24 Dec 2020, Simon Josefsson via curl-library wrote:
>
> Hi Simon!
>
> Thanks for contributing to curl!
>
>> I am looking for feedback and review of a patch that implements
>> support for SCRAM-SHA-1 in curl via libgsasl:
>>
>> https://github.com/curl/curl/compare/master...jas4711:jas4711/gsasl-scram
>
> We generally prefer if you just go ahead and submit it as a pull
> request, so that it gets scrutinized by the tools first and then human
> review on github.

Hi Daniel, thanks for feedback. I have pushed it as a pull request now.

>> Is it okay to pass strings allocated by libgsasl back for later
>> free() by libcurl? Some platforms used to have separate heap
>> managers for different contexts, but I don't know if this is still a
>> concern for libcurl. If so, the newly allocated strings received
>> from libgsasl could be re-allocated and the libgsasl strings
>> deallocated immediately.
>
> It is still a concern. Windows is the one platform that still has that
> widespread use of different heap managers in different parts and
> Windows users make up a significant user share in curl land.

Agreed, I have fixed this in the push above.

>> I don't know how to add self-tests -- can anyone explain how the
>> existing CRAM-MD5/DIGEST-MD5/NTLM/etc self-tests work?
>
> I believe Steve Holme would be the best guy to explain this, but he's
> been "laying low" recently.
>
> There seem to be 10 existing tests that use CRAM-MD5 (I just grepped
> for "CRAM-MD5" in tests/data/), for IMAP and SMTP. They basically make
> sure that the test server claims to support the auth mechanisms and
> then verifies that the correct protocol strings were exchanged when
> the mails were retrieved or sent. I think it would make sense to copy
> the setup from one or more of those and just adapt to SHA-1?

I still haven't figured this out, but I just noticed pull request #5155
that may help me. Btw, that pull request adds TLS channel binding
support, which is required for SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS.

/Simon
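The copy-then-release approach discussed in the thread for strings crossing a heap boundary, as an added example that is not code from this thread, curl or libgsasl. The tagged allocator, `lib_step` and `app_step` are hypothetical stand-ins, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for two heap managers: every block is tagged with its
   owner, so a free on the wrong heap is refused and counted, not executed. */
enum heap { HEAP_LIB, HEAP_APP };
static int live[2];           /* outstanding blocks per heap */
static int mismatched_frees;  /* frees sent to the wrong heap */

static void *heap_alloc(enum heap h, size_t n) {
  size_t *p = malloc(sizeof *p + n);
  if(!p) return NULL;
  *p = (size_t)h;             /* owner tag stored in front of the payload */
  live[h]++;
  return p + 1;
}

static int heap_free(enum heap h, void *ptr) {
  size_t *p = (size_t *)ptr - 1;
  if(*p != (size_t)h) { mismatched_frees++; return -1; }
  live[h]--;
  free(p);
  return 0;
}

/* Hypothetical library call: hands back a string living on the library heap. */
static char *lib_step(const char *in) {
  size_t n = strlen(in) + 1;
  char *out = heap_alloc(HEAP_LIB, n);
  if(out) memcpy(out, in, n);
  return out;
}

/* Boundary wrapper: copy into the application heap, then release the library
   buffer at once with the library's own deallocator. */
static char *app_step(const char *in) {
  char *lib = lib_step(in), *mine = NULL;
  if(!lib) return NULL;
  mine = heap_alloc(HEAP_APP, strlen(lib) + 1);
  if(mine) strcpy(mine, lib);
  heap_free(HEAP_LIB, lib);
  return mine;
}

int main(void) {
  char *s = app_step("n,,n=user,r=constructed-nonce");  /* constructed sample */
  printf("%s lib=%d app=%d\n", s ? s : "(null)", live[0], live[1]);
  return s ? heap_free(HEAP_APP, s) : 1;
}
```

After `app_step` returns, no library-heap block is left outstanding, so the caller's later free only ever touches memory its own allocator produced.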