Hi,
using an program that incorporates the above libs, I experienced some
problems with them.
The program uses Authen-SASL 2.03 which seems "a bit old", but all in
all I still think the changes would also do 2.10 good.
1. Net::POP3
In auth () I don't like
my $mechanisms = $capa->{SASL} || 'CRAM-MD5';
If a server doesn't contain a SASL line I guess that has a reason. So
I'd not pretend he's wrong and still try CRAM-MD5.
Writing
my $mechanisms = $capa->{SASL};
return () unless $mechanisms;
instead would still work the same for users but save the try.
2. Authen::SASL::Perl
In 2.03 there was no DIGEST-MD5 and no GSSAPI, so Authen just exited
badly if the server only supported one of thos, which is fatal. Though
by supporting more algorithms the problem is mitigated in newer
versions, I'd still like seeing it not to croak.
What about replacing
or croak "No SASL mechanism found\n";
by
or return (); #No SASL mechanism found
in client_new ()?
auth () in Net::POP3 would need a
return () unless $client;
added between
my $client = $sasl->client_new('pop3',${*$self}{'net_pop3_host'},0);
and
my $str = $client->client_start;
and I guess
also initial () in Authen::SASL needs to get adjusted.
But that would prevent some program using the lib to get terminated.
Regards,
Jürgen
