On 11/01/2015 03:17 PM, Julien ÉLIE via Cyrus-sasl wrote:
Hi,
I am currently working on implementing the NNTP COMPRESS command in
the InternetNetNews news server. This commands permits to start a
compression layer (like the COMPRESS command for IMAP).
I have a question about a possible already active compression layer
after the use of SASL authentication. Is there a way to check whether
a compression layer has been negotiated during SASL authentication?
With OpenSSL, we can use the SSL_get_current_compression() function to
see whether a compression layer has been negotiated at the same time
of the TLS encryption layer. A similar function could be useful in
Cyrus SASL if it does not already exist. (Maybe current or future SASL
mechanisms can or will negotiate a compression layer.)
Note: it could be a property like SASL_SSF that InternetNewsNews
already checks after SASL authentication to see whether an encryption
layer has been negotiated. If the value of that property is >0, the
use of STARTTLS is disabled as an encryption layer already exists.
There is no such property defined in the SASL API at this time.
--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
