#1235 For HTTP Digest Auth with qop=auth-int, incorrect response to challenge

closed-accepted
None
5
2014-08-14
2013-05-28
Nach M. S.
No

cURL returns an incorrect response when challenged by a Digest Authentication 401 when qop is auth-int.

The comment in the code says:
/* We don't support auth-int at the moment. I can't see a easy way to get
   entity-body here */

Now while that may be true, most requests don't have bodies at all. Only PUT and POST (and sometimes OPTIONS) methods do. At the very least, for all other requests, an MD5 of an empty string ("d41d8cd98f00b204e9800998ecf8427e") is needed, and is available immediately.

The attached patch essentially fixes half the present bug. It will fix the challenge response for HEAD, GET, and DELETE. It also fixes it for POST, PUT, and OPTIONS, iff the body for those happens to be empty.

To fix the remainder of issues (POST, PUT, OPTIONS, all with content), a more invasive addition is needed. However that later fix would still need the current patch for HEAD, GET, and DELETE.

The attached patch is against latest GIT at the moment. ac419bf562c4196f819edd124be82da96f81ba95

1 Attachments
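
The calculation the report describes, as an added example (not part of the original report and not curl's code): the RFC 2617 request-digest for qop=auth and qop=auth-int with algorithm MD5, where a request without a body hashes the empty string. Function names are illustrative, and the sample challenge values are the example inputs from RFC 2617 section 3.5.

```python
import hashlib

# MD5 of the empty string, as quoted in the report above.
EMPTY_BODY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def h(*parts: str) -> str:
    """H(a ":" b ":" ...) as RFC 2617 defines it for algorithm=MD5."""
    return md5_hex(":".join(parts).encode("utf-8"))


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop, body=b""):
    """Request-digest for qop=auth or qop=auth-int (RFC 2617, 3.2.2)."""
    ha1 = h(user, realm, password)
    if qop == "auth-int":
        # A2 = Method ":" digest-uri ":" H(entity-body).
        # A request with no body hashes the empty string, so HEAD, GET and
        # DELETE can always be answered without access to any payload.
        ha2 = h(method, uri, md5_hex(body))
    elif qop == "auth":
        ha2 = h(method, uri)
    else:
        raise ValueError("unsupported qop: %r" % qop)
    return h(ha1, nonce, nc, cnonce, qop, ha2)


# Sample inputs: the RFC 2617 section 3.5 example challenge.
SAMPLE = dict(user="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")


def demo():
    get_int = digest_response(method="GET", qop="auth-int", **SAMPLE)
    put_int = digest_response(method="PUT", qop="auth-int", body=b"k=v",
                              **SAMPLE)  # constructed body
    get_auth = digest_response(method="GET", qop="auth", **SAMPLE)
    return get_int, put_int, get_auth


if __name__ == "__main__":
    for label, value in zip(("GET auth-int", "PUT auth-int", "GET auth"),
                            demo()):
        print(label, value)
```

A server that offered only auth-int verifies with the same function, so a client response built from the qop=auth form of A2 will not match.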

Discussion

  • Daniel Stenberg - 2013-06-10
    • status: open --> closed-accepted
    • assigned_to: Daniel Stenberg
     
  • Daniel Stenberg - 2013-06-10

    Thanks a lot, I've merged and pushed!