# HG changeset patch
# User Kim Alvefur
# Date 1411059795 -7200
# Node ID f95e797895eee46b6abc76383f1d36ca3da6997f
# Parent dfe095fcf89c9f86234999e2c9d2199d70c4472c
SCRAM: Add channel binding support (SCRAM-SHA-1-PLUS)
diff -r dfe095fcf89c -r f95e797895ee util/sasl/scram.lua
--- a/util/sasl/scram.lua Thu Sep 18 19:02:13 2014 +0200
+++ b/util/sasl/scram.lua Thu Sep 18 19:03:15 2014 +0200
@@ -50,7 +50,11 @@
 local nonce = "r=" .. c_nonce;
 local client_first_message_bare = username .. "," .. nonce;
 local cbind_data = "";
- local gs2_cbind_flag = "n" -- TODO channel binding
+ local gs2_cbind_flag = "y";
+ if name == "SCRAM-SHA-1-PLUS" then
+ cbind_data = stream.conn:socket():getfinished();
+ gs2_cbind_flag = "p=tls-unique";
+ end
 local gs2_header = gs2_cbind_flag .. ",,";
 local client_first_message = gs2_header .. client_first_message_bare;
 local cont, server_first_message = coroutine.yield(client_first_message);
@@ -98,6 +102,10 @@
 if stream.username and (stream.password or (stream.client_key or stream.server_key)) then
 mechanisms["SCRAM-SHA-1"] = scram;
 preference["SCRAM-SHA-1"] = 99;
- -- TODO SCRAM-SHA-1-PLUS
+ local sock = stream.conn:ssl() and stream.conn:socket();
+ if sock and sock.getfinished then
+ mechanisms["SCRAM-SHA-1-PLUS"] = scram;
+ preference["SCRAM-SHA-1-PLUS"] = 100
+ end
 end
 end
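Review bot: SCRAM-SHA-1-PLUS is registered, and preferred at 100, for any TLS socket that exposes `getfinished`, but nothing in this block records or checks when `tls-unique` is actually well defined for the negotiated session. Per RFC 5929 the binding is the first Finished message of the handshake, which on a resumed session is the server's (LuaSec's `getpeerfinished` from the client side) rather than the local one, and the binding type is not defined for TLS 1.3; whether either situation can occur on this connection is not visible in the hunk. I would at least state the assumption next to the check, e.g. `-- tls-unique: assumes a full (non-resumed) handshake on TLS <= 1.2 (RFC 5929 section 3.1)`, and add the missing `;` after `= 100` to match the surrounding assignments. The enclosing function starts outside the hunk.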