aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_saslauth.lua
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2023-10-26 14:40:48 +0100
committerMatthew Wild <mwild1@gmail.com>2023-10-26 14:40:48 +0100
commit4cd30325230fae9ab6945c25a5b75a3b03b3d818 (patch)
treecce95ff87dd8b44d11d7d31f52e2b0bdb5be5db0 /plugins/mod_saslauth.lua
parent32ce8884ba2c5310fa3c24b6a798c1573ea9ed25 (diff)
downloadprosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.tar.gz
prosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.zip
mod_saslauth: Fix traceback in tls-server-end-point channel binding
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r--plugins/mod_saslauth.lua11
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 75bd28ae..4c0a5c1c 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -280,16 +280,21 @@ local function tls_server_end_point(self)
end
-- Hash function selection, see RFC 5929 ยง4.1
- local hash = hashes.sha256;
+ local hash, hash_name = hashes.sha256, "sha256";
if cert.getsignaturename then
local sigalg = cert:getsignaturename():lower():match("sha%d+");
if sigalg and sigalg ~= "sha1" and hashes[sigalg] then
-- This should have ruled out MD5 and SHA1
- hash = hashes[sigalg];
+ hash, hash_name = hashes[sigalg], sigalg;
end
end
- return hash(pem2der(cert));
+ local certdata_der = pem2der(cert:pem());
+ local hashed_der = hash(certdata_der);
+
+ module:log("debug", "tls-server-end-point: hex(%s(der)) = %q, hash = %s", hash_name, hex.encode(hashed_der));
+
+ return hashed_der;
end
local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };