On Mar 24, 2008, at 1:02 AM, Phil Pennock wrote:
Folks,
The Perl native DIGEST-MD5 implementation for Authen::SASL doesn't
actually implement the second stage verification. Instead, an attempt
to actually verify the server's second stage data results in:
Server did not provide required field(s): algorithm nonce
That's a bogus complaint, since the server is only supposed to return
rspauth.
This means that anyone using Authen::SASL::Perl for DIGEST-MD5
authentication is getting an error if they actually implement the
server
verification step. That this hasn't been an issue before now is ...
rather worrying.
The attached patch fixes DIGEST-MD5 authentication.
This patch no longer applies clean against the repository due to
ongoing work.
The SVN repository can be found at http://svn.goingon.net/repos/
Authen-SASL/trunk
Please also create a testcase which fails and shows the problem on
the version you have so we can verify that new code has fixed it.
Graham.
