GNOME Bugzilla – Bug 562339
Selection of authentication method is incorrect
Last modified: 2008-12-01 09:40:05 UTC
Please describe the problem: When a server requests authentication it can send a list of methods (Basic, Digest, etc) that it supports. The client should choose the method with the highest security that it supports, i.e. if the client supports both Basic and Digest authentication and the server accepts both Basic and Digest the client should choose Digest. Today it selects Basic authentication per default. Steps to reproduce: 1. Connect to a server that announces support for both Basic and Digest auth. 2. when "authenticate" is received call soup_auth_authenticate with the correct credentials. 3. Observe what method has been selected (I used wireshark) Actual results: Basic authentication is selected and carried out. Expected results: I expected libsoup to select the Digest authentication method. Does this happen every time? Yes it is reproducible. Other information:
whoops. it was sorting the auth types backwards, so it ended up picking the weakest auth first rather than the strongest. :-/ fixed in trunk. will eventually make it into libsoup 2.24.3 as well. thanks for the bug report.
Tested ! Now works as expected. Thanks a lot Dan. /Pontus