Re: Planning GNU SASL 1.0

[Simon Josefsson]

Darren Oh <address@hidden> writes:

> It would be nice if there were a common platform for SASL digest and
> HTTP digest authentication. See
> http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/securesite/digest_md5/?pathrev=DRUPAL-6--2
>  
>  for an example of what I'm talking about. I wrote it in PHP after I
> found that neither GNU SASL nor Cyrus SASL were capable of supporting
> HTTP digest authentication, and Apache did not support many of the
> security features of digest authentication.

Thanks for feedback!

Interesting.  This is somewhat beyond SASL, so I'm not sure it is a good
idea to expose it through the generic SASL library API.  However, to see
what this idea would entail, what kind of API function would do you
want?  Computing the shared secrets?  Or the entire protocol parsing?

The DIGEST-MD5 implementation in gsasl was written to be usable outside
of the library, so maybe you can re-use the code.  See the header files
in lib/digest-md5/, for example there is tokens.h as a generic header
and parser.h for the token parser functionality and printer.h to
generate the tokens.  The digesthmac.h header provides an API to compute
the response value.

/Simon


> On Jan 7, 2009, at 10:14 AM, Simon Josefsson wrote:
>
>> All,
>>
>> I'm planning the v1.0 release of GNU SASL.  If there is anything you
>> know is missing/broken, or have been thinking of mentioning some
>> issue,
>> now is the perfect time to do so.
>>
>> If you want to help make the release work best on many platforms, you
>> can test a daily snapshot:
>>
>> http://daily.josefsson.org/gsasl/gsasl-20090107.tar.gz
>>
>> /Simon
>>
>>
>> _______________________________________________
>> Help-gsasl mailing list
>> address@hidden
>> http://lists.gnu.org/mailman/listinfo/help-gsasl