Re: GNU SASL 0.2.26

help-gsasl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU SASL 0.2.26

From:	Adam Goode
Subject:	Re: GNU SASL 0.2.26
Date:	Mon, 05 May 2008 14:02:10 -0400
User-agent:	Thunderbird 2.0.0.12 (X11/20080418)

Simon Josefsson wrote:
> ** DIGEST-MD5 server: don't reject authentication if client doesn't use utf-8.
> Before, authentication from all non-UTF-8 clients were simply
> rejected.  When this situation occurs now, the username is translated
> into UTF-8 before being passed on to applications.  Further, the
> password retrieved from the application is converted from UTF-8 to
> ISO-8859-1 if that is possible.
> 
> Reported by marty <address@hidden> in
> <http://lists.gnu.org/archive/html/help-gsasl/2008-03/msg00002.html>.
> See also <http://jabberd2.xiaoka.com/ticket/200> and
> <http://developer.pidgin.im/ticket/5213>.  Thanks to Pawel Widera
> <address@hidden> for testing and fixing a silly typo in the code
> that prevented it from working.
> 
> ** DIGEST-MD5 client: convert password from UTF-8 to ISO-8859-1 before hash.
> For compatibility with server.
> 

Hi,

I'm glad this bug in Digest-MD5 is addressed, though it is only 1/3 there!

As noted here, you should also utf8-to-latin1-if-possible REALM and
USERNAME:
http://lists.gnu.org/archive/html/help-gsasl/2007-12/msg00001.html


Thanks,

Adam

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

GNU SASL 0.2.26, Simon Josefsson, 2008/05/05
- Re: GNU SASL 0.2.26, Adam Goode <=

Prev by Date: GNU SASL 0.2.26
Next by Date: Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "charset=utf-8" in response
Previous by thread: GNU SASL 0.2.26
Next by thread: Patch for native Win32 Digitalmars C Compiler support
Index(es):
- Date
- Thread