This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author miguendes
Recipients miguendes
Date 2021-05-03.10:21:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620037299.14.0.38239383055.issue43952@roundup.psfhosted.org>
In-reply-to
Content 
I had a look at the HMAC RFC and apparently empty bytes sequence can be used as secret key.

"The definition of HMAC requires a cryptographic hash function, which
we denote by H, and a secret key K. 

...

The authentication key K can be of any length up to B, the
block length of the hash function."
   
https://tools.ietf.org/html/rfc2104.html#section-2

Assuming that is the case, the fix would be to change the Listener to:

```
        if self._authkey is not None:
            deliver_challenge(c, self._authkey)
            answer_challenge(c, self._authkey)
        return c
```


I created a PR for that, if anyone can review it, I appreciate it.
https://github.com/python/cpython/pull/25845
History
Date User Action Args
2021-05-03 10:21:39miguendessetrecipients: + miguendes
2021-05-03 10:21:39miguendessetmessageid: <1620037299.14.0.38239383055.issue43952@roundup.psfhosted.org>
2021-05-03 10:21:39miguendeslinkissue43952 messages
2021-05-03 10:21:39miguendescreate