SASL fails to send success-with-additional-data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Jabberd |
Confirmed
|
High
|
Unassigned |
Bug Description
jabberd2 2.2.9 using gsasl (though the cyrus sasl glue contains the same bug) fails to include the SASL "additional data" (see http://
This is bad because it ends up dropping actual data from the DIGEST-MD5 and SCRAM (http://
Most XMPP clients (well, I looked at Gajim and Psi) don't validate the DIGEST-MD5 rspauth, but this causes issues for Pidgin, which does, and thus refuses to connect to a jabberd2 server.
I've attached a(n anonymized) log.
Changed in jabberd2: | |
importance: | Undecided → High |
status: | New → Confirmed |
Although it's not strictly duplicate of Bug 899284, the root cause is the same.