author | Matthew Wild <mwild1@gmail.com> | 2023-10-26 14:40:48 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2023-10-26 14:40:48 +0100 |
commit | 4cd30325230fae9ab6945c25a5b75a3b03b3d818 (patch) | |
tree | cce95ff87dd8b44d11d7d31f52e2b0bdb5be5db0 /plugins/mod_saslauth.lua | |
parent | 32ce8884ba2c5310fa3c24b6a798c1573ea9ed25 (diff) | |
mod_saslauth: Fix traceback in tls-server-end-point channel binding
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r-- | plugins/mod_saslauth.lua | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 75bd28ae..4c0a5c1c 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -280,16 +280,21 @@ local function tls_server_end_point(self)
 end
 -- Hash function selection, see RFC 5929 ยง4.1
- local hash = hashes.sha256;
+ local hash, hash_name = hashes.sha256, "sha256";
 if cert.getsignaturename then
 local sigalg = cert:getsignaturename():lower():match("sha%d+");
 if sigalg and sigalg ~= "sha1" and hashes[sigalg] then
 -- This should have ruled out MD5 and SHA1
- hash = hashes[sigalg];
+ hash, hash_name = hashes[sigalg], sigalg;
 end
 end
- return hash(pem2der(cert));
+ local certdata_der = pem2der(cert:pem());
+ local hashed_der = hash(certdata_der);
+
+ module:log("debug", "tls-server-end-point: hex(%s(der)) = %q, hash = %s", hash_name, hex.encode(hashed_der));
+
+ return hashed_der;
 end
 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
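Review bot: The new `module:log` call passes a format string with three placeholders (`%s`, `%q`, `%s`) but only two arguments, so the trailing `hash = %s` has no value behind it and the debug line will show a missing-argument filler rather than data (how the formatter renders that is not visible here). Dropping the extra placeholder keeps the message accurate: `module:log("debug", "tls-server-end-point: hex(%s(der)) = %q", hash_name, hex.encode(hashed_der));`. `hex` is not defined anywhere in this hunk, so confirm it is already required at the top of the file; if it is not, this line would presumably replace the fixed traceback with a new one whenever the channel binding is computed. tls_server_end_point begins above the hunk, so the checks on `cert` before `cert:pem()` cannot be seen from here.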