You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by bu...@apache.org on 2005/08/26 11:12:27 UTC
DO NOT REPLY [Bug 36372] New: -
nonce-count in digest auth should not be quoted
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36372>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36372
Summary: nonce-count in digest auth should not be quoted
Product: HttpClient
Version: 3.0 RC3
Platform: PC
OS/Version: Windows 2000
Status: NEW
Keywords: RFC
Severity: blocker
Priority: P2
Component: Commons HttpClient
AssignedTo: httpclient-dev@jakarta.apache.org
ReportedBy: ole.henrik@wettre.name
In 3.0rc3 nonce-count (nc) is enclosed in quote marks. According to rfc2617 this
is wrong, nonce-count shouldn't be enclosed in quote marks.
> 3.2.2 The Authorization Request Header
>
> The client is expected to retry the request, passing an Authorization
> header line, which is defined according to the framework above,
> utilized as follows.
>
> credentials = "Digest" digest-response
> digest-response = 1#( username | realm | nonce | digest-uri
> | response | [ algorithm ] | [cnonce] |
> [opaque] | [message-qop] |
> [nonce-count] | [auth-param] )
>
> username = "username" "=" username-value
> username-value = quoted-string
> digest-uri = "uri" "=" digest-uri-value
> digest-uri-value = request-uri ; As specified by HTTP/1.1
> message-qop = "qop" "=" qop-value
> cnonce = "cnonce" "=" cnonce-value
> cnonce-value = nonce-value
> nonce-count = "nc" "=" nc-value
> nc-value = 8LHEX
> response = "response" "=" request-digest
> request-digest = <"> 32LHEX <">
> LHEX = "0" | "1" | "2" | "3" |
> "4" | "5" | "6" | "7" |
> "8" | "9" | "a" | "b" |
> "c" | "d" | "e" | "f"
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org