SASL property for compression layer

Ken Murchison murch at andrew.cmu.edu
Mon Nov 16 17:04:16 EST 2015


On 11/01/2015 03:17 PM, Julien ÉLIE via Cyrus-sasl wrote:
> Hi,
>
> I am currently working on implementing the NNTP COMPRESS command in 
> the InternetNetNews news server.  This commands permits to start a 
> compression layer (like the COMPRESS command for IMAP).
>
> I have a question about a possible already active compression layer 
> after the use of SASL authentication.  Is there a way to check whether 
> a compression layer has been negotiated during SASL authentication?
>
>
> With OpenSSL, we can use the SSL_get_current_compression() function to 
> see whether a compression layer has been negotiated at the same time 
> of the TLS encryption layer.  A similar function could be useful in 
> Cyrus SASL if it does not already exist. (Maybe current or future SASL 
> mechanisms can or will negotiate a compression layer.)
>
>
> Note:  it could be a property like SASL_SSF that InternetNewsNews 
> already checks after SASL authentication to see whether an encryption 
> layer has been negotiated.  If the value of that property is >0, the 
> use of STARTTLS is disabled as an encryption layer already exists.
>


There is no such property defined in the SASL API at this time.

-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University



More information about the Cyrus-sasl mailing list