You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
According to RFC https://www.ietf.org/rfc/rfc7616.html the qop delimiter can actually include a whitespace , as in the example that appears in the RFC :
HTTP/1.1 401 Unauthorized
(comma-whitespace instead of just comma)
In this case Curl would wrongly parse a token " auth-int" (with leading whitespace) instead of just "auth-int".
Found on Ubuntu 21.04
The text was updated successfully, but these errors were encountered:
When parsing the "qop=" parameter of the digest authentication, and the
value is provided within quotes, the list of values can have leading
white space which the parser previously did not handle correctly.
Add test case 388 to verify.
Reported-by: vlubart on github