@Paul: Does that fix the issue?

Yes!  :-)

On 09/01/2012 10:36, Arno Garrels wrote:
François Piette wrote:
Maybe a new component options would let the developer select the
behaviour ? Or maybe first try with on option and then automatically
switch to the other if it fails ?
Think I found the bug in OverbyteIcsDigestAuth.pas, will update SVN
later :

procedure AuthDigestCalcResponse(
     { calculate response }
     MD5UpdateBuffer(Md5Ctx, HA1);
     MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
     MD5UpdateBuffer(Md5Ctx, Nonce);
     if Qop<>  '' then begin // (if auth-int or auth) rfc2617 
         MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
         MD5UpdateBuffer(Md5Ctx, NonceCount);
         MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
         MD5UpdateBuffer(Md5Ctx, CNonce);
         MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
         MD5UpdateBuffer(Md5Ctx, Qop);
       //  MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM); // ==>  removed
     MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM); //<== added
     MD5UpdateBuffer(Md5Ctx, HA2Hex);
     MD5Final(RespHash, Md5Ctx);
     Response := MD5DigestToLowerHexA(RespHash);  { V1.01 }

@Paul: Does that fix the issue?

Also in the curl-7.23.1 source code I found a very interesting note:

/* So IE browsers<  v7 cut off the URI part at the query part when they
      evaluate the MD5 and some (IIS?) servers work with them so we may need to
      do the Digest IE-style. Note that the different ways cause different MD5
      sums to get sent.

      Apache servers can be set to do the Digest IE-style automatically using
      the BrowserMatch feature:

      Further details on Digest implementation differences:

Likely we have to add an additional option "DigestAuthIEStyle".

*Paul Read*
Partner and Senior Engineer
nSolve Ltd <http://www.nsolve.com/?empr>
Tel: +44 (0)845 8626777
Tel: +44 (0)1993 402011
Tel (US): +1 617 273 2304
nSolve <http://www.nsolve.com/?empr> nCall <http://www.nsolve.com/nCall-overview.shtml?empr> nTasktic <http://www.ntasktic.com/?empr>

To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to