[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Patches for qop=auth implementation for url-digest-auth
From: |
Jarno Malmari |
Subject: |
Patches for qop=auth implementation for url-digest-auth |
Date: |
Mon, 11 May 2015 22:17:20 +0300 |
I am not sure how common it is to have no backward compatibility for qop-less
clients, as that is, afaik, against the standard RFC 2617. My use case and
motivation for testing this is based on Gerrit servers that gave Forbidden with
the old qop-less implementation, and with these patches, I can authenticate
successfully.
There are three patches. First, tests were created to have some stable
playground to do refactoring on url-digest-auth. As new functions were added,
more tests were added. Finally, implement qop=auth (with limitations, as
described in the commit message).
The potential risk of applying the third patch (the actual qop implementation)
is that once the 'url' client reports that it supports qop, it should do it
properly. If not, some servers that previously cooperated may stop to do so.
Those are the servers where the backward compatibility is working ok, i.e. they
are fine with clients not reporting back the "qop" field in Authorization
header.
- url-digest-auth QOP implementation, Jarno Malmari, 2015/05/09
- Re: url-digest-auth QOP implementation, Lars Magne Ingebrigtsen, 2015/05/10
- Patches for qop=auth implementation for url-digest-auth,
Jarno Malmari <=
- [PATCH 1/3] Test for url-auth, Jarno Malmari, 2015/05/11
- [PATCH 3/3] Initial implementation for HTTP Digest qop for url, Jarno Malmari, 2015/05/11
- [PATCH 2/3] Refactor digest authentication in url-auth, Jarno Malmari, 2015/05/11
- Re: Patches for qop=auth implementation for url-digest-auth, Lars Magne Ingebrigtsen, 2015/05/18
- Re: Patches for qop=auth implementation for url-digest-auth, Jarno Malmari, 2015/05/26