Miguel Brito <miguel.mdebr...@gmail.com> added the comment:
I had a look at the HMAC RFC and apparently empty bytes sequence can be used as secret key. "The definition of HMAC requires a cryptographic hash function, which we denote by H, and a secret key K. ... The authentication key K can be of any length up to B, the block length of the hash function." https://tools.ietf.org/html/rfc2104.html#section-2 Assuming that is the case, the fix would be to change the Listener to: ``` if self._authkey is not None: deliver_challenge(c, self._authkey) answer_challenge(c, self._authkey) return c ``` I created a PR for that, if anyone can review it, I appreciate it. https://github.com/python/cpython/pull/25845 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43952> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
