Skip to content

Add the SCRAM mechanism.#5

Merged
ChadSikorra merged 1 commit intomasterfrom
SCRAM
Mar 22, 2026
Merged

Add the SCRAM mechanism.#5
ChadSikorra merged 1 commit intomasterfrom
SCRAM

Conversation

@ChadSikorra
Copy link
Copy Markdown
Contributor

@ChadSikorra ChadSikorra commented Mar 22, 2026

Adding SCRAM support since DIGEST-MD5 is long since dead / unsupported. Adding SASL support server side to the LDAP library. But is also nice to support this from the client side.

Additionally adding some markdown doc.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 22, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 97.74920% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.80%. Comparing base (75db064) to head (6746e74).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
src/FreeDSx/Sasl/Challenge/ScramChallenge.php 97.46% 6 Missing ⚠️
src/FreeDSx/Sasl/SaslPrep.php 94.73% 1 Missing ⚠️

❌ Your project status has failed because the head coverage (78.80%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master       #5      +/-   ##
============================================
+ Coverage     72.81%   78.80%   +5.99%     
- Complexity      354      428      +74     
============================================
  Files            21       25       +4     
  Lines           982     1293     +311     
============================================
+ Hits            715     1019     +304     
- Misses          267      274       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ChadSikorra ChadSikorra merged commit cffd4fd into master Mar 22, 2026
31 of 32 checks passed
@Neustradamus
Copy link
Copy Markdown

Neustradamus commented Mar 29, 2026
edited
Loading

@ChadSikorra: Thanks a lot for your work about SCRAM and tls-unique support!

Can you specify that DIGEST-MD5 and CRAM-MD5 are not secure and must not be used?

Important about TLS Channel Binding:

  • tls-unique is for TLS 1.2 and before
  • tls-server-end-point is for TLS 1.3 and TLS 1.2 and before
  • tls-exporter is for TLS 1.3

You can see @fabiang sasl project here:

Another projects where SCRAM supports have been done by @schengawegga:

It will be nice to talk all together about the PHP problem and to show that it is really important to have an improvement in PHP core:

Linked to:

@Neustradamus Neustradamus mentioned this pull request Mar 29, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ChadSikorra @Neustradamus