[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [Bug-Wget] Handling of Multiple authorizations

From: Tim Ruehsen
Subject: Re: [Bug-wget] [Bug-Wget] Handling of Multiple authorizations
Date: Tue, 30 Jul 2013 15:21:20 +0200
User-agent: KMail/4.10.5 (Linux/3.10-1-amd64; KDE/4.10.5; x86_64; ; )

On Tuesday 30 July 2013 18:28:02 Darshit Shah wrote:
> According to RFC 2617, the server may either send multiple WWW-Authenticate
> Headers or a single WWW-Authenticate Header with multiple challenges. In
> such a case, it is advisable to select the most secure protocol known by
> the client for authentication.
> Wget, however uses only the first challenge it sees and begins sending the
> challenge response. This can be easily replicated through the
> Test-auth-both test in the new Test Environment I'm writing and is
> available at: https://www.github.com/darnir/wget-gsoc
> My question is, are we interested in fixing this or do we just let it be?

AFAIK, right now, this is a rare case. And if you stumble upon it in the real 
world, the auth-schemes involved might or might not include the ones that Wget 
supports (Basic|Digest).

But than, a preference for Digest would be nice and the HTTP header parser 
should handle both cases (multiple WWW-Authenticate or one with multiple 
challenges) correctly anyway.

So, I vote for 'Yes'.

Regards, Tim

reply via email to

[Prev in Thread] Current Thread [Next in Thread]