You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using the API to configure specific stream paths. For security, I intend on using Argon2 to store all passwords within the config. When setting the srtPublishPassphrase to the relevant Argon2 hash, I see the following error returned from the API:
{
"error": "invalid 'srtPublishPassphrase': must be between 10 and 79 characters"
}
The issue seems to relate to how the API in particular handles the expected string. In plain-text cases, the character limit would be fine. But in cases where Argon2 or SHA256 are used to create a hash, these can easily be longer than 79 characters.
Describe how to replicate the issue
Start server running v1.9.0 in docker.
Generate an Argon2 passphrase with echo -n "testpass123" | argon2 "$(openssl rand --hex 8)" -id -l 32 -e.
Send the API request to the server with the resulting Argon2 hash included in the payload:
Which version are you using?
v1.9.0
Which operating system are you using?
Describe the issue
I am using the API to configure specific stream paths. For security, I intend on using Argon2 to store all passwords within the config. When setting the
srtPublishPassphrase
to the relevant Argon2 hash, I see the following error returned from the API:The issue seems to relate to how the API in particular handles the expected string. In plain-text cases, the character limit would be fine. But in cases where Argon2 or SHA256 are used to create a hash, these can easily be longer than 79 characters.
Describe how to replicate the issue
echo -n "testpass123" | argon2 "$(openssl rand --hex 8)" -id -l 32 -e
.Did you attach the server logs?
No - reviewed debug log which only returns the same error as is returned by cURL request.
Did you attach a network dump?
No - error relates to how the API handles long strings.
The text was updated successfully, but these errors were encountered: