Support for SHA-256 digest authentication algorithm

[ericmoret]

RFC-7616 describes a digest authentication mechanism adding support for two new algorithms, SHA2-256 as mandatory and SHA2-512/256 as a backup. I am interested in using curl with http digest authentication and one of those new algorithms as a replacement for the now defunct standard MD5 hash.

[bagder]

Thanks a lot for you interest and desire to help us improve curl! Welcome to the project!

There's really no need to file an issue for that (as it isn't really a bug). Just dive in and get working on the feature. If you want some help/assistance during the work, ask on the curl-library mailing list. If you end up with code to offer and want a review for, either post that on the list too or submit a pull requests here on github!

[bagder]

Feel free to open a pull request when/if you have code. Closing this issue for now.

[ciocari]

Hi Daniel,
Do you know if there is anyone already working on this?
Thanks!

[bagder]

I'm not aware of anyone having started at this. Feel free to go ahead!

[aimass]

Hi, I really need this right now so I am going to fork and try to give minimal support for SHA_256 and SHA_256-sess with auth-int. Do you have to "assign" this formally to me or can I just fork and submit a pull request? also how quickly can this get merged if the patch is sane?

[jay]

Hi, I really need this right now so I am going to fork and try to give minimal support for SHA_256 and SHA_256-sess with auth-int.

First take a look at f20cbac which came from #1934 and is in libcurl 7.57.0, it may have what you're looking for

[jay]

also 2b5b37c