Support case-insensitive auth-scheme token in proxy authentication #4790

Merged
merged 1 commit into from May 16, 2018


@joschi joschi commented May 13, 2018

The original implementation of the ProxyAuthenticator in OkHttpClientProvider matched the authentication scheme in a case-sensitive way, which doesn't work with all HTTP proxy servers in the wild.

Fixes #4788
Refs #4789

References:

RFC 7235, section 2.1

> Authentication parameters are name=value pairs, where the name token
> is matched case-insensitively, and each parameter name MUST only
> occur once per challenge.

RFC 2617, section 1.2

> It [the authentication mechanism] uses an extensible,
> case-insensitive token to identify the authentication scheme,
> followed by a comma-separated list of attribute-value pairs which
> carry the parameters necessary for achieving authentication via that
> scheme.

Jochen Schalanda
The original implementation of the `ProxyAuthenticator` in `OkHttpClientProvider`
matched the authentication scheme in a case-sensitive way, which doesn't work
with all HTTP proxy servers in the wild.

Fixes #4788

Reference:

RFC 7235, section 2.1
> Authentication parameters are name=value pairs, where the name token
> is matched case-insensitively, and each parameter name MUST only
> occur once per challenge.

https://tools.ietf.org/html/rfc7235#section-2.1

RFC 2617, section 1.2
> It [the authentication mechanism] uses an extensible,
> case-insensitive token to identify the authentication scheme,
> followed by a comma-separated list of attribute-value pairs which
> carry the parameters necessary for achieving authentication via that
> scheme.

https://tools.ietf.org/html/rfc2617#section-1.2
@dennisoelkers dennisoelkers merged commit 897c7e0 into 2.4 May 16, 2018
4 of 5 checks passed
ci-web-linter Jenkins build graylog-pr-linter-check 2505 has failed
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
graylog-project/pr Jenkins build graylog-project-pr-snapshot 1357 has succeeded
license/cla Contributor License Agreement is signed.
@dennisoelkers dennisoelkers deleted the issue-4788-2.4 branch May 16, 2018
@joschi joschi added this to the 2.4.5 milestone May 24, 2018
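
The scheme matching this pull request describes, as an added example that is not Graylog's code and not part of the original conversation. It assumes the `Basic` scheme and one challenge per header value; the class name, method names and sample header values are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class ProxySchemeMatch {
    // Assumption: the proxy credentials use the Basic scheme (the page does not name it).
    static final String SCHEME = "Basic";

    // Extract the auth-scheme token, e.g. "BASIC" from `BASIC realm="proxy"`.
    // Assumes one challenge per header value.
    static String schemeOf(String challenge) {
        String s = challenge.trim();
        int end = 0;
        while (end < s.length() && !Character.isWhitespace(s.charAt(end))) {
            end++;
        }
        return s.substring(0, end);
    }

    // Case-sensitive match: rejects challenges that spell the scheme differently.
    static boolean matchesCaseSensitive(String challenge) {
        return SCHEME.equals(schemeOf(challenge));
    }

    // Case-insensitive match, as RFC 2617 section 1.2 (quoted above) describes the token.
    // equalsIgnoreCase does not depend on the JVM's default locale.
    static boolean matches(String challenge) {
        return SCHEME.equalsIgnoreCase(schemeOf(challenge));
    }

    // Locale-sensitive lowercasing: under a Turkish locale "I" becomes dotless "ı",
    // so this variant fails for "BASIC" and should be avoided for protocol tokens.
    static boolean matchesViaLowerCase(String challenge, Locale locale) {
        return schemeOf(challenge).toLowerCase(locale).equals(SCHEME.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed Proxy-Authenticate header values.
        List<String> challenges = Arrays.asList(
            "Basic realm=\"proxy\"", "basic realm=\"proxy\"",
            "BASIC realm=\"proxy\"", "Digest realm=\"proxy\"");
        Locale turkish = Locale.forLanguageTag("tr-TR");
        for (String c : challenges) {
            System.out.printf("%-24s sensitive=%b insensitive=%b lowerCase(tr)=%b%n",
                c, matchesCaseSensitive(c), matches(c), matchesViaLowerCase(c, turkish));
        }
    }
}
```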