Hi, I’m the developer.
Here’s an excerpt from varnishadm command’s source (S_fd is the fd of the varnish.key file):
SHA256_Update(&ctx, challenge, 32);
SHA256_Update(&ctx, "\n", 1);
do {
i = read(S_fd, buf, sizeof buf);
if (i > 0)
SHA256_Update(&ctx, buf, i);
} while (i > 0);
SHA256_Update(&ctx, challenge, 32);
SHA256_Update(&ctx, "\n", 1);
As you can see there’s no \n after the secret key. Your plugin’s original implementation implies that there’s a trailing \n after the secret. This is not true in all cases, so IMHO you should follow varnishadm’s implementation
