Paul Read wrote:
> THanks for that information I therefore tweaked
> 'AuthDigestParseChallenge' so that Info.Qop is set to 'auth' if no Qop
> value is given and now the right MD5 is calculated and the server
> accepts the data.

I'd say this is a server-side bug. It obviously understands a RFC 2617 
digest however sends an obsolete RFC 2069 WWW-Authenticate response header. 

If I'm not totally misreading this sentence:
      This directive is optional, but is made so only for backward
      compatibility with RFC 2069 [6];"

it means that if the qop directive is missing we have to assume RFC 2069
which calculates the digest differently. That cURL works is perhaps because
it doesn't try to support obsolete RFC 2069?  

Arno Garrels  

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to