[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patches for qop=auth implementation for url-digest-auth

From: Jarno Malmari
Subject: Patches for qop=auth implementation for url-digest-auth
Date: Mon, 11 May 2015 22:17:20 +0300

I am not sure how common it is to have no backward compatibility for qop-less 
clients, as that is, afaik, against the standard RFC 2617. My use case and 
motivation for testing this is based on Gerrit servers that gave Forbidden with 
the old qop-less implementation, and with these patches, I can authenticate 

There are three patches. First, tests were created to have some stable 
playground to do refactoring on url-digest-auth. As new functions were added, 
more tests were added. Finally, implement qop=auth (with limitations, as 
described in the commit message).

The potential risk of applying the third patch (the actual qop implementation) 
is that once the 'url' client reports that it supports qop, it should do it 
properly. If not, some servers that previously cooperated may stop to do so. 
Those are the servers where the backward compatibility is working ok, i.e. they 
are fine with clients not reporting back the "qop" field in Authorization 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]