possible XMPP SASL bug?
Evan Schoenberg, M.D.
evan at adium.im
Thu Apr 29 18:58:49 UTC 2010
My apologies for the long delay; this (Feb 3) is where I'm up to my in my email box, sadly.
On Feb 3, 2010, at 4:53 PM, Peter Saint-Andre wrote:
> Someone reported to me trouble logging in to jabber.org. It seems that
> his copy of Adium (1.4b17 on Snow Leopard) is trying DIGEST-MD5 but then
> immediately after sending a <response/> it also tries CRAM-MD5 without
> having received a further challenge or response from the server.
>
> The relevant snippet of debug output is:
>
> 16:23:43: (Libpurple: jabber) Sending (ssl) ([elided]@jabber.org/foo):
> <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>[elided]</response>
>
> 16:23:43: (Libpurple: jabber) Sending (ssl) ([elided]@jabber.org/foo):
> <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='CRAM-MD5'
> xmlns:ga='http://www.google.com/talk/protocol/auth'
> ga:client-uses-full-bind-result='true'/>
>
> It seems odd to send a DIGEST-MD5 response and then immediately try to
> start a CRAM-MD5 negotiation. Am I missing something?
>
> BTW this does not happen for me with 1.4b17 on Leopard. Could it be a
> problem with his account credentials? It seems to me that Adium would at
> least wait for another challenge or for SASL failure from the server
> before starting the CRAM-MD5 attempt. Is this possibly a workaround for
> iChat server?
>
I don't see offhand where this could happen; we should be awaiting a response before trying the next auth mechanism. Does he reliably reproduce it? If so: Does it happen for another Jabber account on jabber.org? Does it happen on another server entirely which supports both DIGEST-MD5 and CRAM-MD5?
Cheers,
Evan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20100429/6cbf4deb/attachment-0002.html>
More information about the devel
mailing list