[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a
|
From: |
Tim Rühsen |
|
Subject: |
Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test |
|
Date: |
Sat, 22 Nov 2014 18:56:43 +0100 |
|
User-agent: |
KMail/4.14.2 (Linux/3.16.0-4-amd64; KDE/4.14.2; x86_64; ; ) |
Am Samstag, 22. November 2014, 16:24:18 schrieb Darshit Shah:
> Another reason why I never got around to implementing this feature is that
> it is required by almost no one. The issue at hand is that when a Server
> responds with two possible authentication methods, the client is expected
> to choose the strongest one it knows. Instead Wget chooses the first one it
> knows. This violates the RFC and hence I marked it up as a bug. I'll
> probably add all this information into the test file in a while and push
> it.
I just implemented this feature in (selecting the strongest auth method).
But the HTTP test server offers both (Digest,Basic) within a single WWW-
Authenticate line. The ABNF in RFC2616 does not allow this:
3.2.1 The WWW-Authenticate Response Header
If a server receives a request for an access-protected object, and an
acceptable Authorization header is not sent, the server responds with
a "401 Unauthorized" status code, and a WWW-Authenticate header as
per the framework defined above, which for the digest scheme is
utilized as follows:
challenge = "Digest" digest-challenge
digest-challenge = 1#( realm | [ domain ] | nonce |
[ opaque ] |[ stale ] | [ algorithm ] |
[ qop-options ] | [auth-param] )
domain = "domain" "=" <"> URI ( 1*SP URI ) <">
URI = absoluteURI | abs_path
nonce = "nonce" "=" nonce-value
nonce-value = quoted-string
opaque = "opaque" "=" quoted-string
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" |
token )
qop-options = "qop" "=" <"> 1#qop-value <">
qop-value = "auth" | "auth-int" | token
I knowledge is, that the server has to send two lines of WWW-Authenticate to
offer two authentication methods. Maybe I am wrong, but I would like to know
from where you got further information. Or is it just a mistake ?
Example from Test HTTP server:
WWW-Authenticate: BasIc realm="Wget-Test", DIgest realm="Test",
nonce="f07e391eb19dfb441f191f5de7ba687f",
opaque="548c574974e749c0cfae06302b9e559b", qop="auth"
Don't start to fix the test server, I have it fixed and just await your answer.
Tim
signature.asc
Description: This is a digitally signed message part.
- [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Tim Ruehsen, 2014/11/21
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Darshit Shah, 2014/11/21
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Tim Rühsen, 2014/11/22
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Darshit Shah, 2014/11/22
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test,
Tim Rühsen <=
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Tim Rühsen, 2014/11/22
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Darshit Shah, 2014/11/22
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Tim Rühsen, 2014/11/22
- Re: [Bug-wget] [PATCH] Change testenv/Test-auth-both.py from XFAIL to a normal test, Daniel Stenberg, 2014/11/25
- Re: [Bug-wget] [PATCH] Let Wget select strongest auth challenge, Tim Rühsen, 2014/11/22
- Re: [Bug-wget] [PATCH] Let Wget select strongest auth challenge, Giuseppe Scrivano, 2014/11/26
- Re: [Bug-wget] [PATCH] Let Wget select strongest auth challenge, Tim Ruehsen, 2014/11/26