On 10.05.2017 18:45, Ken Murchison wrote:
[...]
>> ***It would be interesting to know, what the original author of that
>> suspicious line in httpd.c had intended.***
>
> Setting maxbufsize to zero disables integrity and security protection
> since no HTTP client that I found uses qop=auth-int
>
> Which cyrus-sasl version did you use?

At least *here* using *Fedora's* packaged cyrus-sasl-2.1.26 (which admittedly turned out to be heavily patched by RedHat - for security?), the invocation of either

    sasl_setprop(httpd_saslconn, SASL_SEC_PROPS, secprops)

or

    sasl_setprop(httpd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf)

returns a value != SASL_OK. Both printed the same error message (changes with my pull request), which is why I can't tell which one failed (most likely the first one though).

If you'd like to have a look at RedHat's patches to cyrus-sasl-2.1.26, you can browse them here:

https://build.opensuse.org/package/show/home:felfert/cyrus-sasl

Cheers
 -Fritz