Bugs item #2548099, was opened at 2009-01-30 07:50
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2548099&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: bad behaviour
>Status: Pending
Resolution: Out of Date
Priority: 5
Private: No
Submitted By: Romil Mittal (romilmittal)
Assigned to: Daniel Stenberg (bagder)
Summary: Nonce getting expired in Digest Auth

Initial Comment:
Digest authentication involves negotiating a 'nonce' value with the server. This 'nonce' value expires after sometime and then server sends a new 'nonce'. A client is supposed to use the newer value but in our case CURL continued to use the same stale value. Making a change in CURL so that if 'stale=true' is found in the header, it renegotiates the nonce with the server.

Affected files ...

curl-7.17.1/http.c

Differences ...

703c703,704
< if((authp->avail & CURLAUTH_DIGEST) != 0) {

---
>         if(((authp->avail & CURLAUTH_DIGEST) != 0) && (strstr(header, "stale=true") == 0)) {
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2009-01-30 08:15
Message:
Thanks,
You're patching a very old libcurl version, can you please verify that
this is still a problem with 7.19.3 and if so provide a patch against
that?
(please use diff -u for the output format.)
Also note that the strstr() in your code is a bit too naive since the
'true' part may be within quotes.
----------------------------------------------------------------------
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2548099&group_id=976