* lisp/net/sasl-scram-rfc.el (sasl-scram-gs2-header-function,
sasl-scram-construct-gs2-header): Add new variable and default
function for determining a SCRAM GSS-API message header. This is
mainly intended for other libraries rather than end users.
(sasl-scram-client-first-message): Use gs2-header function.
(sasl-scram--client-final-message): Use dedicated gs2-header function.
Also remove whitespace when base64-encoding, as per RFC 5802.
(Bug#57956.)
* lisp/net/sasl-scram-rfc.el (sasl-scram--client-final-message):
The XOR of two unibyte strings should be a unibyte string.
This code previously worked by accident because of an overly tolerant
base64 encoder (bug#52670), but now causes a test failure.
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November. Change these FTP URLs to https://ftp.gnu.org
instead. Make similar changes for URLs to other organizations moving
away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
The symbol used in sasl-mechanism-alist needs to match the name that
can be required. Move sasl-make-mechanism call to end of file, to
ensure that it can refer to the specified step functions.
* net/sasl.el (sasl-mechanism-alist): Refer to sasl-scram-rfc
instead of sasl-scram-sha-1, as the former is the name that can be
required.
* net/sasl-scram-rfc.el (sasl-scram-sha-1-steps)
(sasl-scram-sha-1-client-final-message)
(sasl-scram-sha-1-authenticate-server): Move to end of file.
