Github user DaddyWri commented on the issue:
https://github.com/apache/httpclient/pull/66
@ok2c I had a long look at the NTLMEngineImpl changes. Basically:
- Trace level debug support, which I recommend we remove because it is
quite unsecure if enabled;
- For the CipherGen embedded cipher class, no substantive changes were made
at all, just method and member variable renaming and formatting; I recommend we
don't include any of these, since they add noise and no value;
- NTLMEngineImpl is now stateful and contains the history of all messages,
and that's basically necessary to allow signing and sealing. There must be
considerable changes elsewhere to allow for this change in flow, which I have
not looked at yet;
- Signing and sealing code, which constitutes the major addition to the
engine itself. I recommend we take those changes provided unit tests are
developed for them. There are a number of situations where signing and sealing
support would allow future extensions to be worked in. I also think it would
be good to consider taking the CredSSP implementation, once it is in form to do
so.
As for timing -- since it appears that Mr. Semancik has no further interest
in this work, it's likely to be a while before I can do it. Also, a trunk
commit won't do much good for a backport to the 4.5.x branch since everything
has moved, although with some effort a back patch might be developed.
I really wouldn't be concerned about proprietary legal problems; that ship
sailed more than 15 years ago, and as Mr. Semancik points out, all of these
specs are public now, and have been for more than a decade.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
