[PATCH] vmod_digest

Laurence Rowe l at lrowe.co.uk
Fri Oct 14 15:25:52 CEST 2011


On 14 October 2011 09:42, Kristian Lyngstol
<kristian at varnish-software.com> wrote:
> Hi Laurence,
>
> On Thu, Oct 13, 2011 at 11:24:25PM +0100, Laurence Rowe wrote:
>> On 13 October 2011 18:45, Laurence Rowe <l at lrowe.co.uk> wrote:
>> > How do you handle null bytes in the strings returned by digest.hash* /
>> > digest.hmac* / digest.base64*decode ? I was under the impression
>> > varnish used null terminated strings internally.
>>
>> From reading the source I see that the hash and hmac functions return
>> hexdigests. Presumably it's assumed any base64 data you would be
>> interested in reading in Varnish would not contain null characters.
>
> A valid point...
>
> I could provide base64 functions that accept a length-argument too.
> However, since there is no simple way to deal with NULL in VCL itself,
> I'm curious if you have a use case for it? The only real use case I see
> is if you combine it with other vmods.

My particular use case is to validate Plone's signed authentication
cookies within VCL. To save space I included a binary version of the
hmac sha256 digest in the base64 encoded cookie. I think I'll just
change Plone's algorithm to use a hexdigest instead, it's only another
45 characters once base64 encoded. With the binary version I would
need comparison tests which were also length aware.

Laurence
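
Added example, not part of the original message and not vmod_digest code: it shows why a raw binary digest is unsafe behind NUL-terminated string handling, and how a hexdigest or a length-aware comparison avoids the problem. The two 32-byte digests are constructed sample values, and the helper names (to_hex, digest_equal, make_samples) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32  /* SHA-256 output size in bytes */

/* Hex-encode a binary digest; the result never contains an embedded NUL. */
static void to_hex(const unsigned char *in, size_t len, char *out)
{
    static const char hexchars[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i] = hexchars[in[i] >> 4];
        out[2 * i + 1] = hexchars[in[i] & 0x0f];
    }
    out[2 * len] = '\0';
}

/* Length-aware comparison; run time does not depend on where the inputs differ. */
static int digest_equal(const unsigned char *a, const unsigned char *b, size_t len)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Constructed samples: same first 3 bytes, a NUL at index 3, different tails. */
static void make_samples(unsigned char *a, unsigned char *b)
{
    memset(a, 0xAA, DIGEST_LEN);
    memset(b, 0xBB, DIGEST_LEN);
    memset(a, 0x5F, 3);
    memset(b, 0x5F, 3);
    a[3] = b[3] = 0x00;
}

int main(void)
{
    unsigned char a[DIGEST_LEN + 1] = {0}, b[DIGEST_LEN + 1] = {0};
    char ha[2 * DIGEST_LEN + 1], hb[2 * DIGEST_LEN + 1];
    make_samples(a, b);
    to_hex(a, DIGEST_LEN, ha);
    to_hex(b, DIGEST_LEN, hb);
    /* String functions stop at the NUL: 29 of the 32 digest bytes are ignored. */
    printf("as C strings: strlen=%zu equal=%d\n", strlen((char *)a), strcmp((char *)a, (char *)b) == 0);
    printf("hex equal=%d, length-aware equal=%d\n", strcmp(ha, hb) == 0, digest_equal(a, b, DIGEST_LEN));
    return 0;
}
```

Treated as C strings, the two different digests compare equal after only three bytes; the hex forms and the length-aware comparison both tell them apart.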



