-
deuce authoredaround a broken CRAM-MD5 implementation. For now, retrains the double-test for Mystic/1.12A39 until we see what version number the fixed builds have. If the major version is less than one, returns true. If the major version is greater than one, returns false. If the minor version is less than 12, returns true. If the minor version is greater than 12, returns false. If there is no character after the minor versions, returns false. (ie: 1.12 is newer than 1.12A39 and is assumed to be fixed) If the character after the minor version is not an 'A', returns false. (ie: 1.12B1 and 1.12.1 are newer than 1.12A39 and assumed fixed) If the number after the 'A' is less than or equal to 39, returns true. In all other cases, returns false. This prevents lowering security by having two allowed CRAM-MD5 responses for some remote software versions. Hopefully the fixed build will have version 1.12A40 and we'll be able to remove the last version that does that.
deuce authoredaround a broken CRAM-MD5 implementation. For now, retrains the double-test for Mystic/1.12A39 until we see what version number the fixed builds have. If the major version is less than one, returns true. If the major version is greater than one, returns false. If the minor version is less than 12, returns true. If the minor version is greater than 12, returns false. If there is no character after the minor versions, returns false. (ie: 1.12 is newer than 1.12A39 and is assumed to be fixed) If the character after the minor version is not an 'A', returns false. (ie: 1.12B1 and 1.12.1 are newer than 1.12A39 and assumed fixed) If the number after the 'A' is less than or equal to 39, returns true. In all other cases, returns false. This prevents lowering security by having two allowed CRAM-MD5 responses for some remote software versions. Hopefully the fixed build will have version 1.12A40 and we'll be able to remove the last version that does that.
Loading