mod_saslauth: Fix traceback in tls-server-end-point channel binding

author: Matthew Wild <mwild1@gmail.com> 2023-10-26 14:40:48 +0100
committer: Matthew Wild <mwild1@gmail.com> 2023-10-26 14:40:48 +0100
commit: 4cd30325230fae9ab6945c25a5b75a3b03b3d818 (patch)
tree: cce95ff87dd8b44d11d7d31f52e2b0bdb5be5db0 /plugins
parent: 32ce8884ba2c5310fa3c24b6a798c1573ea9ed25 (diff)
download: prosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.tar.gz
prosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 75bd28ae..4c0a5c1c 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -280,16 +280,21 @@ local function tls_server_end_point(self)
 	end
 
 	-- Hash function selection, see RFC 5929 §4.1
-	local hash = hashes.sha256;
+	local hash, hash_name = hashes.sha256, "sha256";
 	if cert.getsignaturename then
 		local sigalg = cert:getsignaturename():lower():match("sha%d+");
 		if sigalg and sigalg ~= "sha1" and hashes[sigalg] then
 			-- This should have ruled out MD5 and SHA1
-			hash = hashes[sigalg];
+			hash, hash_name = hashes[sigalg], sigalg;
 		end
 	end
 
-	return hash(pem2der(cert));
+	local certdata_der = pem2der(cert:pem());
+	local hashed_der = hash(certdata_der);
+
+	module:log("debug", "tls-server-end-point: hex(%s(der)) = %q, hash = %s", hash_name, hex.encode(hashed_der));
+
+	return hashed_der;
 end
 
 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
author	Matthew Wild <mwild1@gmail.com>	2023-10-26 14:40:48 +0100
committer	Matthew Wild <mwild1@gmail.com>	2023-10-26 14:40:48 +0100
commit	4cd30325230fae9ab6945c25a5b75a3b03b3d818 (patch)
tree	cce95ff87dd8b44d11d7d31f52e2b0bdb5be5db0 /plugins
parent	32ce8884ba2c5310fa3c24b6a798c1573ea9ed25 (diff)
download	prosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.tar.gz prosody-4cd30325230fae9ab6945c25a5b75a3b03b3d818.zip