-
DebXWoody
Hi. Where can I find more information about this message: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid channel binding value.</text></failure>?
-
Zash
I would guess that it's related to SCRAM?
-
Zash
Not enough context to be completely sure tho
-
Zash
Channel binding in SCRAM is described in https://tools.ietf.org/html/rfc5802#section-6
-
Zash
TL;DR it means either your auth code is wrong, or the server is buggy, or you're being man-in-the-middle'd
-
DebXWoody
It's prosody, I guess the server isn't buggy. ;-)
-
DebXWoody
I found a bug in gloox lib. I was able to fix this issue. Now, I get this message... I will take a look in detail later... thanks.
-
Zash
Oh. I didn't recognise the message.
-
Zash
Can you post the full SASL exchange?
-
Zash
That message means that what's called "cbind-input" in the RFC isn't what it should be.
-
Zash
which is either gs2-header or gs2-header + channel binding data
-
DebXWoody
Zash, https://paste.debian.net/hidden/118ecf6d/
-
Zash
so cbind-input is "p=tls-unique,," which is just the gs2-header
-
Zash
missing the tls-unique blob
-
DebXWoody
Thanks. I think I need to understand the RFC first. Just started to look into XMPP. For SCRAM-SHA-1 it will look like n,,n=nick,r=<whatever>. For SCRAM-SHA-1-PLUS it looks like p=tls-unique,,n=nick,r=<whatever>. On Debian Stretch it is working. On Debian Buster not.
-
Zash
PLUS is more than changing n to p=tls-unique.