Mercurial > prosody-modules
diff mod_sasl2_fast/mod_sasl2_fast.lua @ 5083:4837232474ca
mod_sasl2_fast: Fixes to make channel binding work again
tls-endpoint isn't a thing that exists.
Also, we needed to copy more channel binding state from the primary
sasl_handler. Ideally we'd have a cleaner way to do this, but I think that's
part of more substantial changes that the SASL API deserves.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 07 Nov 2022 10:21:18 +0000 |
parents | ddb1940b08e0 |
children | dda2af7ed02f |
line wrap: on
line diff
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:19:10 2022 +0000 +++ b/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:21:18 2022 +0000 @@ -98,6 +98,8 @@ end local sasl_handler = get_sasl_handler(username); if not sasl_handler then return; end + sasl_handler.profile.cb = session.sasl_handler.profile.cb; + sasl_handler.userdata = session.sasl_handler.userdata; session.fast_sasl_handler = sasl_handler; local fast = st.stanza("fast", { xmlns = xmlns_fast }); for mech in pairs(sasl_handler:mechanisms()) do @@ -150,7 +152,7 @@ local token_request = session.fast_token_request; local client_id = session.client_id; local sasl_handler = session.sasl_handler; - if token_request or sasl_handler.fast and sasl_handler.rotation_needed then + if token_request or (sasl_handler.fast and sasl_handler.rotation_needed) then if not client_id then session.log("warn", "FAST token requested, but missing client id"); return; @@ -202,10 +204,10 @@ backend_profile_name, cb_name ), - { cb_name }); + cb_name and { cb_name } or nil); end register_ht_mechanism("HT-SHA-256-NONE", "ht_sha_256", nil); register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique"); -register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-endpoint"); +register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-server-end-point"); register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter");