curl-tracker mailing list Archives

[ curl-Bugs-1751313 ] HTTP digest authentication fails on certain directive orders

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 10 Jul 2007 08:54:55 -0700

Bugs item #1751313, was opened at 2007-07-10 09:54
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1751313&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: pezra (pezra)
Assigned to: Daniel Stenberg (bagder)
Summary: HTTP digest authentication fails on certain directive orders

Initial Comment:
If the last directive in the `WWW-Authenticate` header field is 'algorithm', curl claims there is an "Authentication problem" and does not respond to the challenge. Attached is an example of this in which I make the same request twice. The first attempt succeeds. The second attempt is the same except the server returns the 'algorithm' directive at the end of the WWW-Authentication header field and curl fails to parse the challenge correctly.

pezra@reasonable-excuse:~$ curl --user dev:a --digest -v http://localhost:3000/clients.ssj
* About to connect() to localhost port 3000
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 3000
* Server auth using Digest with user 'dev'
> GET /clients.ssj HTTP/1.1
> User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
> Host: localhost:3000
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: close
< Date: Tue, 10 Jul 2007 15:22:14 GMT
< Status: 401 Unauthorized
< WWW-Authenticate: Digest realm="SystemShepherd", qop="auth", nonce="MjAwNy0wNy0xMCAwOToyMjoxNDoxODg4MDE6MzVmZjlhM2I1MDYxOTIzM2RhYmUzMWE3NTA5YWI2Yz", algorithm=MD5-sess, opaque="66e587e6f6bd98cedb38eb0d5dcae413"
< X-Runtime: 0.00493
< Cache-Control: no-cache
< Server: Mongrel 1.0.1
< Content-Type: text/plain; charset=utf-8
< Content-Length: 43
* Closing connection #0
* Issue another request to this URL: 'http://localhost:3000/clients.ssj'
* About to connect() to localhost port 3000
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 3000
* Server auth using Digest with user 'dev'
> GET /clients.ssj HTTP/1.1
> Authorization: Digest username="dev", realm="SystemShepherd", nonce="MjAwNy0wNy0xMCAwOToyMjoxNDoxODg4MDE6MzVmZjlhM2I1MDYxOTIzM2RhYmUzMWE3NTA5YWI2Yz", uri="/clients.ssj", cnonce="MTE4NDA4", nc=00000001, qop="auth", response="890b1d07b86a69adaabd24dd7787ccbc", opaque="66e587e6f6bd98cedb38eb0d5dcae413", algorithm="MD5-sess"
> User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
> Host: localhost:3000
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: close
< Date: Tue, 10 Jul 2007 15:22:14 GMT
< Status: 200 OK
< Authentication-Info: nc=00000001, qop=auth, cnonce="MTE4NDA4", nextnonce=00000002
< X-Runtime: 0.03532
< ETag: "901ccfa4ed21deb69dbeaebec781ec80"
< Cache-Control: private, max-age=600
< Server: Mongrel 1.0.1
< Content-Type: application/x-sysshep+json; charset=utf-8
< Content-Length: 1044
{"clients":
  [
  ]
}
* Closing connection #0

pezra@reasonable-excuse:~$ curl --user dev:a --digest -v http://localhost:3000/clients.ssj
* About to connect() to localhost port 3000
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 3000
* Server auth using Digest with user 'dev'
> GET /clients.ssj HTTP/1.1
> User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
> Host: localhost:3000
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: close
< Date: Tue, 10 Jul 2007 15:23:48 GMT
< Status: 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Digest qop="auth", nonce="MjAwNy0wNy0xMCAwOToyMzo0ODo5NzQ0MzE6ZDYzZmE4MWZiYmYyNDFlNDgwOTYxYzIwNGEwODJiZG", realm="SystemShepherd", opaque="46c44ecebc2ae988abeb686fecebdfd6", algorithm=MD5-sess
< X-Runtime: 0.00455
< Cache-Control: no-cache
< Server: Mongrel 1.0.1
< Content-Type: text/plain; charset=utf-8
< Content-Length: 43
You are unauthorized to view this resource
* Closing connection #0
pezra@reasonable-excuse:~$

----------------------------------------------------------------------

Received on 2007-07-10
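
An added example, not part of the original report and not libcurl's code: an order-independent lookup of Digest challenge directives that accepts an unquoted token value terminated by the end of the header, which is how the second challenge above ends. The report does not state why curl rejects that challenge; `digest_get` is a hypothetical helper, and the sample strings keep the report's directive order with nonce and opaque shortened to constructed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed samples: directive order as in the report, values shortened. */
static const char *ORDER_OK = "realm=\"SystemShepherd\", qop=\"auth\", "
  "nonce=\"N1\", algorithm=MD5-sess, opaque=\"O1\"";
static const char *ORDER_FAIL = "qop=\"auth\", nonce=\"N2\", "
  "realm=\"SystemShepherd\", opaque=\"O2\", algorithm=MD5-sess";

/* Hypothetical helper, not libcurl's parser: copy directive `name` into out.
   Returns 1 if found, 0 if absent, -1 if malformed or out is too small. */
int digest_get(const char *p, const char *name, char *out, size_t outlen)
{
  size_t n, nlen = strlen(name);
  for(;;) {
    while(*p == ',' || isspace((unsigned char)*p))
      p++;                              /* separators between directives */
    if(!*p) return 0;                   /* end of header: not present */
    const char *key = p;
    while(*p && *p != '=' && *p != ',')
      p++;
    if(*p != '=')
      return -1;                        /* directive without a value */
    int match = (size_t)(p - key) == nlen && !strncasecmp(key, name, nlen);
    int quoted = (*++p == '"');
    p += quoted;
    /* token: ends at ',', whitespace or end of string; quoted-string: at '"' */
    for(n = 0; *p && (quoted ? (*p != '"')
                : (*p != ',' && !isspace((unsigned char)*p))); n++, p++) {
      if(quoted && *p == '\\' && p[1])
        p++;                            /* quoted-pair: next char is literal */
      if(match && n + 1 < outlen)
        out[n] = *p;
    }
    if(quoted && *p++ != '"')
      return -1;                        /* unterminated quoted-string */
    if(match)
      return n < outlen ? (out[n] = '\0', 1) : -1;
  }
}

int main(void)
{
  char a[16], b[16];
  int ok = digest_get(ORDER_OK, "algorithm", a, sizeof a) == 1 &&
           digest_get(ORDER_FAIL, "algorithm", b, sizeof b) == 1;
  printf("%s\n", ok ? "algorithm found in both orders" : "parse failure");
  return !ok;
}
```

The input is the challenge text after the `Digest ` scheme name. Whitespace around `=` is not handled.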
