tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21529] New: - Bug in org.apache.catalina.authenticator.DigestAuthenticator
Date Fri, 11 Jul 2003 20:43:47 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21529>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21529

Bug in org.apache.catalina.authenticator.DigestAuthenticator

           Summary: Bug in
                    org.apache.catalina.authenticator.DigestAuthenticator
           Product: Tomcat 4
           Version: 4.1.24
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Blocker
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: adam.hathcock@ipov.net


line 317:
  qop = removeQuotes(currentTokenValue);
needs to be:
  qop = currentTokenValue;

I was using the Tomcat 4.1.24 code as an example for Digest Authentication and
discovered that the hashes weren't matching in my code.  Since "auth" was being
stripped to "ut", the hashes were screwed up.  I checked the RFC 2617 spec
http://asg.web.cmu.edu/rfc/rfc2617.html#sec-3.5 and qop doesn't have quotes.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message