# HG changeset patch
# User Matthew Wild
# Date 1667816478 0
# Node ID 4837232474ca05a045d44fbbe1367a04dce090b6
# Parent ddb1940b08e070e202b32d8c8255debc676f4067
mod_sasl2_fast: Fixes to make channel binding work again tls-endpoint isn't a thing that exists. Also, we needed to copy more channel binding state from the primary sasl_handler. Ideally we'd have a cleaner way to do this, but I think that's part of more substantial changes that the SASL API deserves.
diff -r ddb1940b08e0 -r 4837232474ca mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:19:10 2022 +0000
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua Mon Nov 07 10:21:18 2022 +0000
@@ -98,6 +98,8 @@
 end
 local sasl_handler = get_sasl_handler(username);
 if not sasl_handler then return; end
+ sasl_handler.profile.cb = session.sasl_handler.profile.cb;
+ sasl_handler.userdata = session.sasl_handler.userdata;
 session.fast_sasl_handler = sasl_handler;
 local fast = st.stanza("fast", { xmlns = xmlns_fast });
 for mech in pairs(sasl_handler:mechanisms()) do
@@ -150,7 +152,7 @@
 local token_request = session.fast_token_request;
 local client_id = session.client_id;
 local sasl_handler = session.sasl_handler;
- if token_request or sasl_handler.fast and sasl_handler.rotation_needed then
+ if token_request or (sasl_handler.fast and sasl_handler.rotation_needed) then
 if not client_id then
 session.log("warn", "FAST token requested, but missing client id");
 return;
@@ -202,10 +204,10 @@
 backend_profile_name, cb_name ),
- { cb_name });
+ cb_name and { cb_name } or nil);
 end
 register_ht_mechanism("HT-SHA-256-NONE", "ht_sha_256", nil);
 register_ht_mechanism("HT-SHA-256-UNIQ", "ht_sha_256", "tls-unique");
-register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-endpoint");
+register_ht_mechanism("HT-SHA-256-ENDP", "ht_sha_256", "tls-server-end-point");
 register_ht_mechanism("HT-SHA-256-EXPR", "ht_sha_256", "tls-exporter");
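Review bot: The two added assignments in the first hunk dereference `session.sasl_handler.profile` without a guard, so a session that reaches this point with no primary handler, or with a handler that has no profile, raises an error instead of simply not offering FAST; whether that can happen is not visible here, because the enclosing function starts and ends outside the hunk. They also alias the primary handler's `cb` table and `userdata` rather than copying them, and if `get_sasl_handler` hands back a profile table that is shared between sessions, the `profile.cb` write would leave one connection's channel-binding callbacks where another session could pick them up. I would confirm the profile is created per call and add a comment such as `-- cb/userdata are shared by reference with the primary handler so the HT-* mechanisms bind to this connection's TLS channel`.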
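Review bot: The channel-binding type passed to `register_ht_mechanism` in the third hunk is a bare string that is presumably matched against the keys of the `profile.cb` table, so a misspelled name fails silently, which is what `"tls-endpoint"` did before this change. A comment above the four registrations would make the contract explicit, for example `-- cb names are the IANA channel-binding type names (RFC 5929, RFC 9266) and must match the keys in sasl_handler.profile.cb`. `HT-SHA-256-NONE` now passes `nil` rather than an empty table as the last argument to `sasl.registerMechanism`; the page does not show how that function treats the two, so a one-line comment stating that `nil` means "no channel binding required" would help the next reader. The body of `register_ht_mechanism` starts outside the hunk.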