Hello, This is what MSDN says about it :
The qop-options directive, as specified in [RFC2617] section 3.2.1, is optional; but it is used for backward compatibility with digest access authentication, as specified in [RFC2069]. The qop-options directive SHOULD be used by all implementations compliant with this version of the digest authentication mechanism and SHOULD be enclosed in quotation marks. AG> Paul Read wrote: >> THanks for that information I therefore tweaked >> 'AuthDigestParseChallenge' so that Info.Qop is set to 'auth' if no Qop >> value is given and now the right MD5 is calculated and the server >> accepts the data. AG> I'd say this is a server-side bug. It obviously understands a RFC 2617 AG> digest however sends an obsolete RFC 2069 WWW-Authenticate response header. AG> If I'm not totally misreading this sentence: AG> "qop-options AG> This directive is optional, but is made so only for backward AG> compatibility with RFC 2069 [6];" AG> it means that if the qop directive is missing we have to assume RFC 2069 AG> which calculates the digest differently. That cURL works is perhaps because AG> it doesn't try to support obsolete RFC 2069? -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
