Message 98115 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dieresys
Recipients	akuchling, bwmcadams, dieresys, georg.brandl, jjlee, orsenthil
Date	2010-01-21.21:53:51
SpamBayes Score	0.011074212
Marked as misclassified	No
Message-id	<1264110836.58.0.138617444311.issue2202@psf.upfronthosting.co.za>
In-reply-to

Content
Here is a patch for supporting MD5-sess, following RFC2617 specification. Some comments/warnings: * I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess. * IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string. * This patch doesn't add support for Digest sessions. For each request we make, we get a new [401\|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW\|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations. * A1 is being recalculated for every request. Given the above, this is not a real problem. I'll open a new ticket regarding Digest sessions.

Here is a patch for supporting MD5-sess, following RFC2617 specification.

Some comments/warnings:
 * I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess.
 * IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string.
 * This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations.
 * A1 is being recalculated for every request. Given the above, this is not a real problem.

I'll open a new ticket regarding Digest sessions.

History
Date	User	Action	Args
2010-01-21 21:53:56	dieresys	set	recipients: + dieresys, akuchling, georg.brandl, jjlee, orsenthil, bwmcadams
2010-01-21 21:53:56	dieresys	set	messageid: <1264110836.58.0.138617444311.issue2202@psf.upfronthosting.co.za>
2010-01-21 21:53:55	dieresys	link	issue2202 messages
2010-01-21 21:53:54	dieresys	create