Using PLAIN is broken in ruby 3.1.0 #52
Labels
SASL 🔒
Authentication and authentication mechanisms
Comments
|
The problem also occurs in ruby 3.0.3, so I did some more digging. Bisection reveals that this is the commit that broke authenticating with PLAIN: |
|
Version 0.1.1 of the net-imap gem is fine. But when I install a new ruby, |
|
@chdiza Thanks for your report. I've just released net-imap-0.2.3. Please try it. |
|
Seems to work, thanks!! |
|
Yikes. Sorry about that. 😳 Thanks, @shugo! |
nevans
added a commit
to nevans/net-imap
that referenced
this issue
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes rubyGH-55): * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes rubyGH-56. * This is a backwards-compatible alternative to the approach in rubyGH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. Additionally: * Adds basic tests for every authenticator (to avoid another rubyGH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes rubyGH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
that referenced
this issue
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * delay loading stdgem dependencies until `#initialize`. Fixes GH-56. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * By making these optional, there's no reason to require the `digest` or `strscan` gems anymore; fixes GH-56. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
nevans
added a commit
that referenced
this issue
Jul 16, 2022
Mark obolete SASL mechanisms as deprecated (fixes GH-55): * This is a backwards-compatible alternative to the approach in GH-58 (don't require and add the deprecated authenticators automatically). We can use that incompatible approach in a later version. * Warn every time a deprecated mechanism is used. * Warnings can be disabled with `warn_deprecation: false` * Fixes GH-56: delay loading standard gem dependencies until `#initialize`, and convert the gems to development dependencies. Additionally: * Adds basic tests for every authenticator (to avoid another GH-52!) * Fixes a frozen string bug in DigestMD5Authenticator. * Fixes constant resolution for exceptions in DigestMD5Authenticator. * Can register an authenticator type that responds to #call (instead of #new). I was originally going to register deprecated authenticators with a Proc that required the file and issued a warning, but I decided to put everything into the initializer instead. `#authenticator` needed to be updated to safely delegate all args, and I left this in. The DIGEST-MD5 bug was originally reported, tested, and fixed by @singpolyma here: nevans/net-sasl#3. Co-authored-by: Stephen Paul Weber <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For years, up to and including ruby 2.7.5, I've been able to authenticate into some IMAP servers (even gmail) like so:
I've just upgraded to ruby 3.1.0 (from 2.7.5), and now this doesn't work on any of those servers. Instead I get:
If I switch back to ruby 2.7.5 it works again.
I'm not knowledgeable enough to understand why this stopped working.
The text was updated successfully, but these errors were encountered: