[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: DIGEST-MD5 not working with svnserve/SASL

From: David Glasser <glasser_at_davidglasser.net>
Date: Thu, 1 May 2008 12:31:57 -0700

On Thu, May 1, 2008 at 12:06 PM, Mark Phippard <markphip_at_gmail.com> wrote:
> On Thu, May 1, 2008 at 2:54 PM, Eric Gillespie <epg_at_pretzelnet.org> wrote:
> > "Mark Phippard" <markphip_at_gmail.com> writes:
> >
> >
> > > > May 1 10:50:06 svnfe-test svnserve[1696]: encoded packet size too big (809115648 > 4096)
> > >
> > > How did you get that? The new trunk logging?
> >
> > No, Cyrus sasl uses syslog on linux, so you'll find that even
> > without the new logging.
>
> OK, thanks. I see it on OSX too, with same error message you saw:
>
> May 1 15:04:50 : encoded packet size too big (809115648 > 4096)
>
>
> > > I am not sure why CRAM-MD5 does not have the same problem. Possibly
> > > because it winds up using pre-SASL code or something?
> >
> > No, since we use SASL to hook into our custom user database, we
> > are certain that we're not bypasing SASL.
>
> Well I meant after the authentication maybe DIGEST and CRAM are
> different. For example, the docs seemed to imply the encryption only
> kicks in for DIGEST.

You are correct that this is the difference. The client was sending
an empty string response (encoded as "0: ") when the SASL conversation
should have been finished. This confused the server, which assumed
everything coming next was encoded specially (encrypted?).

See r30896; tell me if it fixes things for you (and doesn't break
other auth versions, etc).

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-01 21:32:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.