hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ortwin Gl├╝ck <ortwin.glu...@nose.ch>
Subject [PATCH] Reworked digest auth
Date Thu, 11 Sep 2003 11:55:30 GMT
While reviewing a Patch to include MD5-sess into the Digest 
Authentication Scheme I came across a few flaws in that class. I suggest 
the following changes (see attached patch):

- The qop Parameter must be parsed correctly and not just be ignored
- The fact that it is legal to have a missing qop must not be ignored
- The class should be prepared to handle the auth-int qop option
   (even though an implementation is not possible with the current design)
- The public interface of this class is narrowed (as it is not needed by 
the tests any more)
- The test cases should check the actual result rather than checking for 
equality after another run through the same logic. Note: This is not 
simple for requests that require the client to generate a cnonce.

The patch is against HEAD. The 2.0 branch would be unaffected by these 
changes.

Odi

Mime
View raw message