GNOME Bugzilla – Bug 544681
Digest authentication should default to MD5-digest
Last modified: 2008-07-26 13:19:44 UTC
Please describe the problem: If the server doesn't return an algorithm in the headers, e.g. """ HTTP/1.1 401 Authorization Required Date: Mon, 19 May 2008 12:54:30 GMT Server: Apache WWW-Authenticate: Digest realm="www.xxx.dk", nonce="8192d3c589fb0e673b81a7d873f04f641211201670" Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 """ libsoup will default to a "NONE" authentication, which later in the function "soup_auth_digest_compute_hex_a1" makes it use MD5-SESS. This is very wrong. RFC-2617 states (about the algorithm directive) that "If this is not present it is assumed to be "MD5"". Please see attached patch. Steps to reproduce: 1. Connect to webdav server, e.g. using gvfs, that does not transmit "algorithm" directive 2. Fail, due to wrong auth digest. Actual results: Expected results: Does this happen every time? Yes Other information:
Created attachment 115245 [details] [review] Select MD5 as default digest algorithm
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.