Skip to content

Commit c902e08

Browse files
astitcherastitcher
committed
PROTON-2502: Stop testing using MD5 SASL mechanisms
MD5 based mechanisms are now considered insecure and future systems will be configured without them available. We should stop using them to test Proton so we can build on securely configured machines.
1 parent ec535e7 commit c902e08

File tree

3 files changed

+15
-34
lines changed

3 files changed

+15
-34
lines changed

INSTALL.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,10 @@ Linux dependencies
1919

2020
- GNU Make 3.81+
2121
- GCC 4.8.4+
22-
- Cyrus SASL 2.1+ (for SASL support)
22+
- Cyrus SASL 2.1.26+ (for SASL support)
2323
- OpenSSL 1.0+ (for SSL support)
2424
- JsonCpp 1.8+ for C++ connection configuration file support
25-
- Python 2.7, 3.5+ (for the Python binding)
25+
- Python 3.5+ (for the Python binding)
2626

2727
Windows dependencies
2828

@@ -44,7 +44,7 @@ language.
4444
$ yum install openssl-devel
4545

4646
# Dependencies needed for Cyrus SASL support
47-
$ yum install cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-md5
47+
$ yum install cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-scram
4848

4949
# Dependencies needed for bindings
5050
$ yum install swig # Required for all bindings

python/setuputils/misc.py

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,7 @@
1313

1414

1515
import errno
16-
import os
1716
import subprocess
18-
import sys
1917

2018
from . import log
2119

python/tests/proton_tests/sasl.py

Lines changed: 12 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -326,20 +326,6 @@ def testANON(self):
326326
self.t2.bind(self.c2)
327327
_testSaslMech(self, 'ANONYMOUS', authUser='anonymous')
328328

329-
def testCRAMMD5(self):
330-
common.ensureCanTestExtendedSASL()
331-
332-
self.t1.bind(self.c1)
333-
self.t2.bind(self.c2)
334-
_testSaslMech(self, 'CRAM-MD5')
335-
336-
def testDIGESTMD5(self):
337-
common.ensureCanTestExtendedSASL()
338-
339-
self.t1.bind(self.c1)
340-
self.t2.bind(self.c2)
341-
_testSaslMech(self, 'DIGEST-MD5')
342-
343329
# PLAIN shouldn't work without encryption without special setting
344330
def testPLAINfail(self):
345331
common.ensureCanTestExtendedSASL()
@@ -367,15 +353,12 @@ def testPLAIN(self):
367353
self.t2.bind(self.c2)
368354
_testSaslMech(self, 'PLAIN')
369355

370-
# SCRAM not supported before Cyrus SASL 2.1.26
371-
# so not universal and hence need a test for support
372-
# to keep it in tests.
373-
# def testSCRAMSHA1(self):
374-
# common.ensureCanTestExtendedSASL()
375-
#
376-
# self.t1.bind(self.c1)
377-
# self.t2.bind(self.c2)
378-
# _testSaslMech(self, 'SCRAM-SHA-1')
356+
def testSCRAMSHA1(self):
357+
common.ensureCanTestExtendedSASL()
358+
359+
self.t1.bind(self.c1)
360+
self.t2.bind(self.c2)
361+
_testSaslMech(self, 'SCRAM-SHA-1')
379362

380363

381364
def _sslConnection(domain, transport, connection):
@@ -550,7 +533,7 @@ def testNormalAuthenticationClient(self):
550533
self.c1.collect(self.collector)
551534
self.t1.bind(self.c1)
552535
self.t2.bind(self.c2)
553-
_testSaslMech(self, 'DIGEST-MD5')
536+
_testSaslMech(self, 'SCRAM-SHA-1')
554537
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
555538
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
556539
Event.CONNECTION_REMOTE_OPEN)
@@ -560,7 +543,7 @@ def testNormalAuthenticationServer(self):
560543
self.c2.collect(self.collector)
561544
self.t1.bind(self.c1)
562545
self.t2.bind(self.c2)
563-
_testSaslMech(self, 'DIGEST-MD5')
546+
_testSaslMech(self, 'SCRAM-SHA-1')
564547
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
565548
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
566549
Event.CONNECTION_REMOTE_OPEN)
@@ -572,7 +555,7 @@ def testFailedAuthenticationClient(self):
572555
self.c1.collect(self.collector)
573556
self.t1.bind(self.c1)
574557
self.t2.bind(self.c2)
575-
_testSaslMech(self, 'DIGEST-MD5', clientUser=clientUser, authenticated=False)
558+
_testSaslMech(self, 'SCRAM-SHA-1', clientUser=clientUser, authenticated=False)
576559
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
577560
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
578561
Event.TRANSPORT_ERROR,
@@ -586,7 +569,7 @@ def testFailedAuthenticationServer(self):
586569
self.c2.collect(self.collector)
587570
self.t1.bind(self.c1)
588571
self.t2.bind(self.c2)
589-
_testSaslMech(self, 'DIGEST-MD5', clientUser=clientUser, authenticated=False)
572+
_testSaslMech(self, 'SCRAM-SHA-1', clientUser=clientUser, authenticated=False)
590573
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
591574
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
592575
Event.TRANSPORT_ERROR,
@@ -599,7 +582,7 @@ def testNoMechClient(self):
599582
self.s2.allowed_mechs('IMPOSSIBLE')
600583
self.t1.bind(self.c1)
601584
self.t2.bind(self.c2)
602-
_testSaslMech(self, 'DIGEST-MD5', authenticated=False)
585+
_testSaslMech(self, 'SCRAM-SHA-1', authenticated=False)
603586
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
604587
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
605588
Event.TRANSPORT_ERROR,
@@ -611,7 +594,7 @@ def testNoMechServer(self):
611594
self.s2.allowed_mechs('IMPOSSIBLE')
612595
self.t1.bind(self.c1)
613596
self.t2.bind(self.c2)
614-
_testSaslMech(self, 'DIGEST-MD5', authenticated=False)
597+
_testSaslMech(self, 'SCRAM-SHA-1', authenticated=False)
615598
self.expect(Event.CONNECTION_INIT, Event.CONNECTION_BOUND,
616599
Event.CONNECTION_LOCAL_OPEN, Event.TRANSPORT,
617600
Event.TRANSPORT_TAIL_CLOSED,

0 commit comments

Comments
 (0)