cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1235 For HTTP Digest Auth with qop=auth-int, incorrect response to challenge

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Mon, 10 Jun 2013 22:14:33 +0000

- **status**: open --> closed-accepted
- **assigned_to**: Daniel Stenberg

---
** [bugs:#1235] For HTTP Digest Auth with qop=auth-int, incorrect response to challenge**
**Status:** closed-accepted
**Created:** Tue May 28, 2013 06:48 PM UTC by Nach M. S.
**Last Updated:** Tue May 28, 2013 06:48 PM UTC
**Owner:** Daniel Stenberg
cURL returns an incorrect response when challenged by a Digest Authenication 401 when qop is auth-int.
The comment in the code says:
    /* We don't support auth-int at the moment. I can't see a easy way to get
       entity-body here */
Now while that may be true, most requests don't have bodies at all. Only PUT and POST (and sometime OPTIONS) methods do. At the very least, for all other requests, an MD5 of an empty string ("d41d8cd98f00b204e9800998ecf8427e") is needed, and is available immediatly.
The attatched patch essentialy fixes half the present bug. It will fix the challenge response for HEAD, GET, and DELETE. It also fixes it for POST, PUT, and OPTIONS, iff the body for those happen to be empty.
To fix the remainder of issues (POST, PUT, OPTIONS, all with content), a more invasive addition is needed. However that later fix would still need the current patch for HEAD, GET, and DELETE.
The attatched patch is against latest GIT at the moment. ac419bf562c4196f819edd124be82da96f81ba95
---
Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1235/>
To unsubscribe from further messages, please visit <https://sourceforge.net/auth/subscriptions/>
Received on 2013-06-11

These mail archives are generated by hypermail.

donate! Page updated May 06, 2013.
web site info

File upload with ASP.NET