@Paul: Does that fix the issue?
Yes! :-)
On 09/01/2012 10:36, Arno Garrels wrote:
François Piette wrote:
Maybe a new component option would let the developer select the
behaviour? Or maybe first try with one option and then automatically
switch to the other if it fails?
Think I found the bug in OverbyteIcsDigestAuth.pas, will update SVN
later :
{code}
procedure AuthDigestCalcResponse(
[..]
{ calculate response }
MD5Init(Md5Ctx);
MD5UpdateBuffer(Md5Ctx, HA1);
MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
MD5UpdateBuffer(Md5Ctx, Nonce);
if Qop <> '' then begin // (if auth-int or auth) rfc2617 3.2.2.1 Request-Digest
MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
MD5UpdateBuffer(Md5Ctx, NonceCount);
MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
MD5UpdateBuffer(Md5Ctx, CNonce);
MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM);
MD5UpdateBuffer(Md5Ctx, Qop);
// MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM); // ==> removed
end;
MD5UpdateBuffer(Md5Ctx, AUTH_DIGEST_DELIM); //<== added
MD5UpdateBuffer(Md5Ctx, HA2Hex);
MD5Final(RespHash, Md5Ctx);
Response := MD5DigestToLowerHexA(RespHash); { V1.01 }
end;
{code}
@Paul: Does that fix the issue?
Also in the curl-7.23.1 source code I found a very interesting note:
/* So IE browsers < v7 cut off the URI part at the query part when they
evaluate the MD5 and some (IIS?) servers work with them so we may need to
do the Digest IE-style. Note that the different ways cause different MD5
sums to get sent.
Apache servers can be set to do the Digest IE-style automatically using
the BrowserMatch feature:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
Further details on Digest implementation differences:
http://www.fngtps.com/2006/09/http-authentication
Likely we have to add an additional option "DigestAuthIEStyle".
--
*Paul Read*
Partner and Senior Engineer
nSolve Ltd <http://www.nsolve.com/?empr>
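The delimiter placement discussed in this thread, as an added Python example that is not part of the original messages or of the ICS source. The function name and the `delim_inside_qop_block` and `ie_style` parameters are hypothetical; the sample credentials are the RFC 2617 section 3.5 test vector, and auth-int is not covered.

```python
import hashlib

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop="", nc="", cnonce="",
                    delim_inside_qop_block=False, ie_style=False):
    """Compute the Digest 'response' value (qop=auth or no qop).

    delim_inside_qop_block=True reproduces the old placement, where the
    delimiter before HA2 was only written when qop was present.
    ie_style=True hashes the URI without its query part, the behaviour
    the quoted curl comment attributes to IE before v7.
    """
    if ie_style:
        uri = uri.split("?", 1)[0]
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    data = ha1 + ":" + nonce
    if qop:
        data += ":" + nc + ":" + cnonce + ":" + qop
        if delim_inside_qop_block:
            data += ":"          # old position of the delimiter
    if not delim_inside_qop_block:
        data += ":"              # position after the change: always written
    return md5_hex(data + ha2)

# RFC 2617 section 3.5 test vector
RFC = dict(user="Mufasa", realm="testrealm@host.com",
           password="Circle Of Life", method="GET",
           uri="/dir/index.html",
           nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093")
RFC_QOP = dict(qop="auth", nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    # With qop both placements agree; without qop only the new one
    # hashes HA1:nonce:HA2 as the server expects.
    print("qop=auth new:", digest_response(**RFC, **RFC_QOP))
    print("qop=auth old:", digest_response(**RFC, **RFC_QOP,
                                           delim_inside_qop_block=True))
    print("no qop   new:", digest_response(**RFC))
    print("no qop   old:", digest_response(**RFC, delim_inside_qop_block=True))
```
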