[ https://issues.apache.org/jira/browse/HTTPCLIENT-1354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13665256#comment-13665256 ]

Oleg Kalnichevski commented on HTTPCLIENT-1354:
-----------------------------------------------

RFC 2617 defines digest 'response' attribute as a quoted value though it 
clearly does not have to be given its content is always expected to be 32LHEX. 
It defines 'uri' attribute as request-uri, though throughout the document all 
URI values in examples are actually _quoted_. It defines 'algorithm' attribute 
as token though there is no good reason why it cannot be a quoted string. All 
these restrictions are purely arbitrary and illogical and as a result cause a 
great deal of confusion. And I stand by my previous assertion that there is NO 
explicit restriction on the content of algorithm attribute in terms of "MUST", 
"MUST NOT", "REQUIRED", "SHALL", "SHALL NOT" requirements.

Oleg
                
> Algorithm field in digest auth should not be quoted
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1354
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1354
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.5
>            Reporter: Mark Thornton
>             Fix For: 4.3 Beta2
>
>
> The algorithm field in digest authentication must not be quoted. The current 
> version of tomcat shipped with Ubuntu 13.04 insists on this (though future 
> versions of tomcat are more relaxed).
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
> see comment 12.
> Httpclient will thus fail to authenticate against tomcat 7.0.33 to 7.0.35, 
> but should work against 7.0.36 and later.  Note that the fix in tomcat 7.0.36 
> is to accommodate clients that are not conforming to the specification.
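
The quoting difference discussed in this thread, as an added example (not HttpClient or Tomcat code): a small Python parser for a Digest `Authorization` header that records whether each attribute arrived quoted, with a strict and a lenient reading of `algorithm`. The function names and the sample header values are constructed for illustration.

```python
import re

# One name=value pair; the value is either a quoted-string or a bare token.
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

# Quoting the thread attributes to RFC 2617: True = quoted, False = token.
# 'uri' is left out because, as the comment notes, grammar and examples differ.
EXPECTED_QUOTED = {"response": True, "algorithm": False}

def parse_digest(header):
    """Return {name: (value, was_quoted)} for a Digest Authorization header."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed attribute at offset %d" % pos)
        quoted = m.group(2) is not None
        value = re.sub(r"\\(.)", r"\1", m.group(2)) if quoted else m.group(3)
        params[m.group(1).lower()] = (value, quoted)
        pos = m.end()
    return params

def quoting_deviations(header):
    """Names of attributes whose quoting differs from EXPECTED_QUOTED."""
    params = parse_digest(header)
    return sorted(n for n, q in EXPECTED_QUOTED.items()
                  if n in params and params[n][1] != q)

def algorithm_strict(header):
    """Accept 'algorithm' only as an unquoted token; reject a quoted value."""
    value, quoted = parse_digest(header).get("algorithm", ("MD5", False))
    if quoted:
        raise ValueError("algorithm must be a token, not a quoted-string")
    return value

def algorithm_lenient(header):
    """Accept 'algorithm' quoted or unquoted; RFC 2617 defaults it to MD5."""
    return parse_digest(header).get("algorithm", ("MD5", False))[0]

# Constructed sample headers (not captured traffic).
_BASE = ('Digest username="user", realm="example", nonce="abc123", '
         'uri="/protected", response="0123456789abcdef0123456789abcdef", ')
QUOTED_ALG = _BASE + 'algorithm="MD5"'
TOKEN_ALG = _BASE + "algorithm=MD5"
```

A server using the strict reading rejects `QUOTED_ALG` before it ever checks the response hash, so the symptom on the client side is a failed authentication with valid credentials.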
