Arno Garrels wrote:
> Paul Read wrote:
>> THanks for that information I therefore tweaked
>> 'AuthDigestParseChallenge' so that Info.Qop is set to 'auth' if no
>> Qop value is given and now the right MD5 is calculated and the server
>> accepts the data.
> I'd say this is a server-side bug. 

Though it might be a ICS bug in the RFC 2069 implementation as well,
but I have no idea where. Digest calculation is simple in RFC 2069 and
the same calculation is also used as one part of the RFC 2617 calc. 

> It obviously understands a RFC 2617
> digest however sends an obsolete RFC 2069 WWW-Authenticate response
> header. 

Well, that seems OK as long as the server supports both RFC 2069 and 
RFC 2617 clients.  

> If I'm not totally misreading this sentence:
> "qop-options
>      This directive is optional, but is made so only for backward
>      compatibility with RFC 2069 [6];"
> it means that if the qop directive is missing we have to assume RFC
> 2069 which calculates the digest differently. 

If not, ICS clients won't be able to authenticate with true old RFC 2069

Arno Garrels

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to