Aaron McConnell
Aaron McConnell
There is a TODO that implies better handling of an unknown BER type was intended: https://github.com/twisted/ldaptor/blob/4bfe2897c8b9b510d647fb1c2a5b50c88d492ab1/ldaptor/protocols/pureber.py#L382 We would like to alter this behavior, since it causes a number of issues...
Since TLS_PROTOCOL is itself deprecated, this is the suggested update. It does technically change the default behavior though: https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS_CLIENT ``` The protocol enables [CERT_REQUIRED](https://docs.python.org/3/library/ssl.html#ssl.CERT_REQUIRED) and [check_hostname](https://docs.python.org/3/library/ssl.html#ssl.SSLContext.check_hostname) by default. ~``
## Detailed Description New Duo API endpoints such as the policy API require the most recent API authentication scheme, so we need that implemented here. See https://github.com/duosecurity/duo_client_java/commit/1f8b6343b79e453dfc259cedf4f3ec220a5a0729 for how this...
@mmoayyed had asked for this in https://github.com/duosecurity/duo_client_java/pull/29 I took a side trip to implement a Builder to make it easier, so now I need to actually add the new functionality...
## Description In https://github.com/duosecurity/duo_unix/blob/master/lib/util.c#L272 we have the Google DNS server hard-coded `sin.sin_addr.s_addr = inet_addr("8.8.8.8"); /* XXX Google's DNS Server */` Which could be a problem if that's blocked for whatever...
## Description The code comments for the state parameter indicate the minimum length of `state` is 22 characters, but the Duo docs (https://duo.com/docs/oauthapi#authorization-request) indicate it's 16. Let's reconcile the two....
## Description The method urlenc_decode (https://github.com/duosecurity/duo_unix/blob/master/lib/urlenc.c#L79) appears to be unused. This code is based on similar code from libcurl that has known CVEs. We are getting flagged for those CVEs....
## Description The plugin does not appear to work with Python 3.12, instead it errors out before 2FA can occur. The error seems to be with the six.moves module not...
## Detailed Description Our CI testing is a few Python versions behind, we should update that. Though we know 3.12 is not working right now (#50). ## Use Case Keep...