Gordon Sim commented on PROTON-1008:

The commit referenced above was made to revert to pre 0.10 behaviour, where a 
SASL layer was not used unless a username was specified (even if that was 
'anonymous'). All it does is avoids making a call to pn_sasl_allowed_mechs if 
no mechanisms have been specified. I believe that is actually sensible 

There does need to be a way to avoid using SASL, though whether it needs to be 
off unless requested as it was prior to the 0.10 release is certainly debatable.

> Using a blank mech_list disables authentication
> -----------------------------------------------
>                 Key: PROTON-1008
>                 URL: https://issues.apache.org/jira/browse/PROTON-1008
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: python-binding
>    Affects Versions: 0.11
>            Reporter: Ted Ross
>            Assignee: Gordon Sim
>             Fix For: 0.11
> This bug was introduced in commit
> https://github.com/apache/qpid-proton/commit/14956b07edc3de93f67179c753bbedcd9eba51a6
> If the client leaves allowed_mechs as None, the SASL protocol is not even 
> executed.  I claim that allowed_mechs is used to restrict the set of 
> acceptable mechanisms.  If it is None, then all available mechanisms may be 
> used.
> This bug causes a failure in the Qpid Dispatch test suite 
> (system_tests_qdstat).  The failure is when the server requires 
> authentication and will accept EXTERNAL and the client has a valid 
> client-certificate but doesn't use the sasl protocol because qdstat doesn't 
> (and can't) set the allowed_mechs.

This message was sent by Atlassian JIRA

Reply via email to