When using the DIGEST-MD5 mechanism, a client may choose to attempt a "subsequent authentication" by using previous authentication information as a shortcut. Java's SASL implementation does not support this, and when a client supplies an initial token an exception is thrown. This violates RFC 2831, since the server needs to respond with a challenge not an error in this case.
Environment
None
Activity
Show:
Guus der Kinderen
November 19, 2007 at 9:00 PM
Two of my users (one using Adium, the other using Pidgin itself) are reporting that this fix works for them.
Jay Kline
September 5, 2007 at 9:30 PM
r9056 should fix this issue in trunk. If we can get a few people to verify this with gaim/pidgin its easy enough to backport to other branches/versions if needed.
Major
When using the DIGEST-MD5 mechanism, a client may choose to attempt a "subsequent authentication" by using previous authentication information as a shortcut. Java's SASL implementation does not support this, and when a client supplies an initial token an exception is thrown. This violates RFC 2831, since the server needs to respond with a challenge not an error in this case.