Maybe a new component options would let the developer select the behaviour ? Or maybe first try with on option and then automatically switch to the other if it fails ?
-- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -----Message d'origine----- De : twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] De la part de Arno Garrels Envoyé : dimanche 8 janvier 2012 19:30 À : ICS support mailing Objet : Re: [twsocket] Digest authentication via THttpCli? Arno Garrels wrote: > Paul Read wrote: >> THanks for that information I therefore tweaked >> 'AuthDigestParseChallenge' so that Info.Qop is set to 'auth' if no >> Qop value is given and now the right MD5 is calculated and the server >> accepts the data. > > I'd say this is a server-side bug. Though it might be a ICS bug in the RFC 2069 implementation as well, but I have no idea where. Digest calculation is simple in RFC 2069 and the same calculation is also used as one part of the RFC 2617 calc. > It obviously understands a RFC 2617 > digest however sends an obsolete RFC 2069 WWW-Authenticate response > header. Well, that seems OK as long as the server supports both RFC 2069 and RFC 2617 clients. > If I'm not totally misreading this sentence: > "qop-options > This directive is optional, but is made so only for backward > compatibility with RFC 2069 [6];" > > it means that if the qop directive is missing we have to assume RFC > 2069 which calculates the digest differently. If not, ICS clients won't be able to authenticate with true old RFC 2069 servers...? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
