[
https://issues.apache.org/jira/browse/QPIDJMS-294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16111249#comment-16111249
]
ASF subversion and git services commented on QPIDJMS-294:
---------------------------------------------------------
Commit 53d96e8a5162257894aaaf3951b4ce1d77e641ed in qpid-jms's branch
refs/heads/master from [~k-wall]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-jms.git;h=53d96e8 ]
QPIDJMS-294: allow the SCRAM mechanisms to verify the server final message if
it is sent in the additional-data field of the sasl-outcome frame, and ensure
that SASL mechanism has completed before allowing authentication to complete
successfully.
This closes #9.
> The SCRAM-SHA-* SASL mechanisms should verify the server final message if it
> is sent in the additional-data field of sasl-outcome
> ---------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPIDJMS-294
> URL: https://issues.apache.org/jira/browse/QPIDJMS-294
> Project: Qpid JMS
> Issue Type: Bug
> Affects Versions: 0.23.0
> Reporter: Rob Godfrey
> Fix For: 0.24.0
>
>
> Currently the client will only verify the server final message if it is sent
> as an extra challenge in the sasl exchange.
> The client should also verify if the server final message is sent as
> additional-data on the sasl outcome (which is really the way this should
> always be sent).
> In order to do this PROTON-1486 will need fixing
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
