jdev - 2019-10-10


  1. DebXWoody

    Hi. Where can I find more information about this message: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid channel binding value.</text></failure>?

  2. Zash

    I would guess that it's related to SCRAM?

  3. Zash

    Not enough context to be completely sure tho

  4. Zash

    Channel binding in SCRAM is described in https://tools.ietf.org/html/rfc5802#section-6

  5. Zash

    TL;DR it means either your auth code is wrong, or the server is buggy, or you're being man-in-the-middle'd

  6. DebXWoody

    It's prosody, I guess the server isn't buggy. ;-)

  7. DebXWoody

    I found a bug in gloox lib. I was able to fix this issue. Now I get this message... I will take a look in detail later... thanks.

  8. Zash

    Oh. I didn't recognise the message.

  9. Zash

    Can you post the full SASL exchange?

  10. Zash

    That message means that what's called "cbind-input" in the RFC isn't what it should be.

  11. Zash

    which is either gs2-header or gs2-header + channel binding data

  12. DebXWoody

    Zash, https://paste.debian.net/hidden/118ecf6d/

  13. Zash

    so cbind-input is "p=tls-unique,," which is just the gs2-header

  14. Zash

    missing the tls-unique blob

  15. DebXWoody

    Thanks. I think I need to understand the RFC, first. Just started to look into XMPP. For SCRAM-SHA-1 it will look like n,,n=nick,r=<whatever>. For SCRAM-SHA-1-PLUS it looks like p=tls-unique,,n=nick,r=<whatever>. On Debian Stretch it is working. On Debian Buster not.

  16. Zash

    PLUS is more than changing n to p=tls-unique.