[
https://issues.apache.org/jira/browse/QPIDJMS-294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096436#comment-16096436
]
ASF GitHub Bot commented on QPIDJMS-294:
----------------------------------------
Github user k-wall commented on the issue:
https://github.com/apache/qpid-jms/pull/9
I have refreshed the pull request and added a test case around
AmqpSaslAuthenticator.
> The SCRAM-SHA-* SASL mechanisms should verify the server final message if it
> is sent in the additional-data field of sasl-outcome
> ---------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-294
> URL: https://issues.apache.org/jira/browse/QPIDJMS-294
> Project: Qpid JMS
> Issue Type: Bug
> Affects Versions: 0.23.0
> Reporter: Rob Godfrey
> Fix For: 0.24.0
>
>
> Currently the client will only verify the server final message if it is sent
> as an extra challenge in the sasl exchange.
> The client should also verify if the server final message is sent as
> additional-data on the sasl outcome (which is really the way this should
> always be sent).
> In order to do this PROTON-1486 will need fixing
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
