Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers

[Tim Rühsen]

Am Samstag, 13. Juli 2013 schrieb Darshit Shah:
> There is one more thing that has just come to my notice.
> 
> If the server sends qop=auth-int or for that matter any other qop value,
> then instead of simply exiting, Wget goes on to send another GET request
> without any Authorization Header.
> 
> This Request is bound to be refused with a 401 Authorization Required.
> Hence, Wget should not waste time sending that last extra request.

Do you know a test HTTP server that supports auth-int ?
If yes, we could try to implement it.

You are right:
At the moment any other qop value than 'auth' or missing qop return throws out
      logprintf (LOG_NOTQUIET, _("Unsupported quality of protection '%s'.\n"), 
qop);
and returns NULL, wich in turn just removes the Authenticate header but 
doesn't stop the GET request (in gethttp()).

If we want that, digest_authentication_encode() would need to return a 
status/error code.

But this issue should not stop Guiseppe's patch.

Regards, Tim

signature.asc
Description: This is a digitally signed message part.