wneessen/go-mail
1
1
Fork 0
mirror of https://github.com/wneessen/go-mail.git synced 2024-11-22 05:40:50 +01:00
Code Issues Projects Releases Packages Wiki Activity

Improve error handling in SCRAM-SHA-X-PLUS authentication

Browse source 
Refactor error return to include more specific information and add a check for TLS connection state in SCRAM-SHA-X-PLUS authentication flow. This ensures clearer error messages and verifies essential prerequisites for secure authentication.
This commit is contained in:
Winni Neessen 2024-10-02 18:02:34 +02:00
parent 580981b158
commit e4dd62475a
Signed by: wneessen
GPG key ID: 385AC9889632126E
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
smtp/auth_scram.go
View file

@ -112,7 +112,7 @@ func (a *scramAuth) Next(fromServer []byte, more bool) ([]byte, error) {
return resp, nil return resp, nil
default: default:
a.reset() a.reset()
return nil, errors.New("unexpected server response") return nil, fmt.Errorf("%w: %s", ErrUnexpectedServerResponse, string(fromServer))
} }
} }
return nil, nil return nil, nil
@ -147,6 +147,9 @@ func (a *scramAuth) initialClientMessage() ([]byte, error) {
// SCRAM-SHA-X-PLUS auth requires channel binding // SCRAM-SHA-X-PLUS auth requires channel binding
if a.isPlus { if a.isPlus {
if a.tlsConnState == nil {
return nil, errors.New("tls connection state is required for SCRAM-SHA-X-PLUS")
}
bindType := "tls-unique" bindType := "tls-unique"
connState := a.tlsConnState connState := a.tlsConnState
bindData := connState.TLSUnique bindData := connState.TLSUnique