Looks ok to me.
- Michael.
Christopher Hegarty - Sun Microsystems Ireland wrote:
Hi,
I need to get a code review for,
CR 6687282 : "URLConnection for HTTPS connection through Proxy w/
Digest Authentication gives 400 Bad Request".
Digest authentication uses the request-URI as part of its algorithm
when generating the response hash. The request-URI is usually the
abs_path of the uri, but not always. When tunneling the target servers
'host:port' is used as the request-URI, e.g.
"CONNECT verisign.com:443 HTTP/1.1"
The implementation in sun.net.www.protocol.http.DigestAuthentication
only uses the abs_path of the uri. This is incorrect and the target
servers 'host:port' should be used when tunneling. Also, the request
method ( GET/POST/CONNECT ) is used when generating the response hash.
This needs to be "CONNECT" when tunneling.
(diffs below)
Thanks,
-Chris.
