[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Digest Authentication algorithm field case sensitivi
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] Digest Authentication algorithm field case sensitivity |
|
Date: |
Mon, 17 Jan 2022 16:25:22 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 |
Dear Ahmet,
Thanks for the report,
I've fixed this in Git master now.
-Christian
On 17.01.22 09:50, Ahmet Kermen wrote:
> Hi All,
>
> Since version 0.9.62 libmicrohttpd appears to be started adding optional
> "algorithm" field for digest authentication header. According to
> RFC2617 https://datatracker.ietf.org/doc/html/rfc2617
> <https://datatracker.ietf.org/doc/html/rfc2617> and
> RFC7616 https://datatracker.ietf.org/doc/html/rfc7616
> <https://datatracker.ietf.org/doc/html/rfc7616> the algorithm value is
> case-sensitive (no explicit definition, as for “stale” field) and should
> be "MD5" (uppercase) if MD5 is selected, but libmicrohttpd sets as "md5"
> (lowercase). The case difference makes some client libraries to fail
> detecting digest authentication presence from server responses.
>
> From RFC2617:
> algorithm
> A string indicating a pair of algorithms used to produce the digest
> and a checksum. If this is not present it is assumed to be "MD5”.
>
> From RFC7616:
> algorithm
> A string indicating an algorithm used to produce the digest and an
> unkeyed digest. If this is not present, it is assumed to be
> “MD5"
>
>
> Best regards,
> Ahmet Kermen
>