# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1717774014 -3600
# Node ID e67fc7b66c139e06cbfdea8b7b373c6f55e6ba20
# Parent  254a21a104aa476955a6631992efe7acf7461ba8
mod_sasl2_fast: Fix malformed-request when using HT-*-NONE (thanks lnj!)

This crept into the previous commit which tried to fail early when CB was
requested but unavailable - that commit did not actually check that CB *was*
requested.

diff -r 254a21a104aa -r e67fc7b66c13 mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Fri Jun 07 16:14:58 2024 +0100
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Fri Jun 07 16:26:54 2024 +0100
@@ -196,14 +196,17 @@
 		if not authc_username then
 			return "failure", "malformed-request";
 		end
-		if not sasl_handler.profile.cb then
-			module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
-			return "failure", "malformed-request";
-		elseif not sasl_handler.profile.cb[cb_name] then
-			module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
-			return "failure", "malformed-request";
+		local cb_data;
+		if cb_name then
+			if not sasl_handler.profile.cb then
+				module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+				return "failure", "malformed-request";
+			elseif not sasl_handler.profile.cb[cb_name] then
+				module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+				return "failure", "malformed-request";
+			end
+			cb_data = sasl_handler.profile.cb[cb_name](sasl_handler) or "";
 		end
-		local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
 		local ok, authz_username, response, rotation_needed = backend(
 			mechanism_name,
 			authc_username,