hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thornton (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1354) Algorithm field in digest auth should not be quoted
Date Wed, 22 May 2013 14:13:20 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13664131#comment-13664131
] 

Mark Thornton commented on HTTPCLIENT-1354:
-------------------------------------------

>From rfc 2617:

algorithm         = "algorithm" "=" ( "MD5" | "MD5-sess" |
                           token )

This production does NOT allow quotes. However I accept that this has been widely misinterpreted.
                
> Algorithm field in digest auth should not be quoted
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1354
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1354
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.5
>            Reporter: Mark Thornton
>             Fix For: 4.3 Beta2
>
>
> The algorithm field in digest authentication must not be quoted. The current version
of tomcat shipped with Ubuntu 13.04 insists on this (though future versions of tomcat are
more relaxed).
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
> see comment 12.
> Httpclient will thus fail to authenticate against tomcat 7.0.33 to 7.0.35, but should
work against 7.0.36 and later.  Note that the fix in tomcat 7.0.36 is to accommodate clients
that are not conforming to the specification.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message