Message98115
Here is a patch for supporting MD5-sess, following RFC2617 specification.
Some comments/warnings:
* I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess.
* IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string.
* This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations.
* A1 is being recalculated for every request. Given the above, this is not a real problem.
I'll open a new ticket regarding Digest sessions. |
|
Date |
User |
Action |
Args |
2010-01-21 21:53:56 | dieresys | set | recipients:
+ dieresys, akuchling, georg.brandl, jjlee, orsenthil, bwmcadams |
2010-01-21 21:53:56 | dieresys | set | messageid: <1264110836.58.0.138617444311.issue2202@psf.upfronthosting.co.za> |
2010-01-21 21:53:55 | dieresys | link | issue2202 messages |
2010-01-21 21:53:54 | dieresys | create | |
|