SCRAM: Add channel binding support (SCRAM-SHA-1-PLUS)

Thu, 18 Sep 2014 19:03:15 +0200

author
Kim Alvefur <zash@zash.se>
date
Thu, 18 Sep 2014 19:03:15 +0200
changeset 356
f95e797895ee
parent 355
dfe095fcf89c
child 357
ed12e00991b1

SCRAM: Add channel binding support (SCRAM-SHA-1-PLUS)

--- a/util/sasl/scram.lua	Thu Sep 18 19:02:13 2014 +0200
+++ b/util/sasl/scram.lua	Thu Sep 18 19:03:15 2014 +0200
@@ -50,7 +50,11 @@
 	local nonce = "r=" .. c_nonce;
 	local client_first_message_bare = username .. "," .. nonce;
 	local cbind_data = "";
-	local gs2_cbind_flag = "n" -- TODO channel binding
+	local gs2_cbind_flag = "y";
+	if name == "SCRAM-SHA-1-PLUS" then
+		cbind_data = stream.conn:socket():getfinished();
+		gs2_cbind_flag = "p=tls-unique";
+	end
 	local gs2_header = gs2_cbind_flag .. ",,";
 	local client_first_message = gs2_header .. client_first_message_bare;
 	local cont, server_first_message = coroutine.yield(client_first_message);
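Review bot: The default `gs2_cbind_flag = "y"` on the added line is sent for plain SCRAM-SHA-1 whether or not this client could actually perform channel binding, and under RFC 5802 §6 a server that supports channel binding must fail authentication when it sees "y" (it treats it as a downgrade indicator), so a login from a non-TLS session or from a socket without `getfinished` against a -PLUS-capable server would be rejected; "n" is the honest flag in those cases, with "y" reserved for when the same TLS/`getfinished` probe that gates the -PLUS mechanism in the second hunk succeeds. The `getfinished()` result is also used unchecked; if that call can return nil, `cbind_data` should fail fast here rather than when it is later concatenated into the channel-binding attribute. Note too that tls-unique is only as strong as the TLS handshake it is derived from; without the extended master secret extension (RFC 7627) it is known to be weakened by the triple-handshake attack, which is worth a comment next to the `p=tls-unique` assignment. The enclosing function begins and ends outside the hunk, so how `name` and `stream` arrive is assumed from the visible uses.
```lua
	local gs2_cbind_flag = "n";
	if name == "SCRAM-SHA-1-PLUS" then
		-- tls-unique: the TLS Finished message; fail here if the socket cannot supply it
		cbind_data = assert(stream.conn:socket():getfinished(), "tls-unique channel binding data unavailable");
		gs2_cbind_flag = "p=tls-unique";
	else
		-- RFC 5802 §6: "y" only when this client could have done channel binding,
		-- so a server that advertised -PLUS can detect a downgrade; otherwise "n".
		local sock = stream.conn:ssl() and stream.conn:socket();
		if sock and sock.getfinished then
			gs2_cbind_flag = "y";
		end
	end
	-- … unchanged: gs2_header / client_first_message construction and yield …
```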
@@ -98,6 +102,10 @@
 	if stream.username and (stream.password or (stream.client_key or stream.server_key)) then
 		mechanisms["SCRAM-SHA-1"] = scram;
 		preference["SCRAM-SHA-1"] = 99;
-		-- TODO SCRAM-SHA-1-PLUS
+		local sock = stream.conn:ssl() and stream.conn:socket();
+		if sock and sock.getfinished then
+			mechanisms["SCRAM-SHA-1-PLUS"] = scram;
+			preference["SCRAM-SHA-1-PLUS"] = 100
+		end
 	end
 end
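Review bot: `preference["SCRAM-SHA-1-PLUS"] = 100` drops the trailing semicolon that the neighbouring `preference["SCRAM-SHA-1"] = 99;` and `mechanisms[...] = scram;` lines carry; `preference["SCRAM-SHA-1-PLUS"] = 100;` keeps the statement style consistent within the block. The `stream.conn:ssl() and stream.conn:socket()` probe (presumably true only on a TLS connection) followed by the `sock.getfinished` check is the right gate for offering -PLUS, and a short comment would make the intent explicit, e.g. `-- Offer -PLUS only when the TLS socket can expose the Finished message needed for tls-unique`.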
