Am Samstag, 13. Juli 2013 schrieb Darshit Shah: > There is one more thing that has just come to my notice. > > If the server sends qop=auth-int or for that matter any other qop value, > then instead of simply exiting, Wget goes on to send another GET request > without any Authorization Header. > > This Request is bound to be refused with a 401 Authorization Required. > Hence, Wget should not waste time sending that last extra request.
Do you know a test HTTP server that supports auth-int ?
If yes, we could try to implement it.
You are right:
At the moment any other qop value than 'auth' or missing qop return throws out
logprintf (LOG_NOTQUIET, _("Unsupported quality of protection '%s'.\n"),
qop);
and returns NULL, wich in turn just removes the Authenticate header but
doesn't stop the GET request (in gethttp()).
If we want that, digest_authentication_encode() would need to return a
status/error code.
But this issue should not stop Guiseppe's patch.
Regards, Tim
signature.asc
Description: This is a digitally signed message part.
