From 723176efd7532edbce9a27a3433bb63186568327 Mon Sep 17 00:00:00 2001
From: Tobias Markmann <tm@ayena.de>
Date: Sat, 15 Feb 2014 11:29:22 +0100
Subject: Fix SCRAM-SHA-1-PLUS channel binding negotiation code. (Thanks Kim Alvefur)

For details see section 6. Channel Binding, point 2 in RFC 5802.

Change-Id: If64ebb373ed7d63c8668b03b90b1f5e87be1ab19
License: This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.

diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index f03cbaa..b29f63d 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -223,14 +223,14 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 else if (streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1") || streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS")) {
 std::ostringstream s;
 ByteArray finishMessage;
- bool plus = stream->isTLSEncrypted() && streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS");
- if (plus) {
+ bool plus = streamFeatures->hasAuthenticationMechanism("SCRAM-SHA-1-PLUS");
+ if (stream->isTLSEncrypted()) {
 finishMessage = stream->getTLSFinishMessage();
 plus &= !finishMessage.empty();
 }
 s << boost::uuids::random_generator()();
 SCRAMSHA1ClientAuthenticator* scramAuthenticator = new SCRAMSHA1ClientAuthenticator(s.str(), plus, idnConverter, crypto);
- if (plus) {
+ if (!finishMessage.empty()) {
 scramAuthenticator->setTLSChannelBindingData(finishMessage);
 }
 authenticator = scramAuthenticator;
-- 
cgit v0.10.2-6-g49f6
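Review bot: `plus` can stay true with no channel-binding data, because it is now cleared only inside `if (stream->isTLSEncrypted())`. On a stream without TLS where the server still lists SCRAM-SHA-1-PLUS, the authenticator is constructed with `plus == true` and `setTLSChannelBindingData` is never called. How `SCRAMSHA1ClientAuthenticator` behaves in that state is not visible here, but selecting the -PLUS variant without binding data would presumably fail or send an inconsistent GS2 header. Moving `plus &= !finishMessage.empty();` to just after the closing brace of the TLS check keeps the invariant that -PLUS is chosen only when binding data exists. The `handleElement` body begins and ends outside this hunk, so an earlier TLS requirement may already rule this case out.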