Fix nonce-count generation in Curl_auth_create_digest_http_message() #1251
- on the first invocation: keep security context returned by InitializeSecurityContext() - on subsequent invocations: use MakeSignature() instead of InitializeSecurityContext() to generate HTTP digest response
edit: nm I see what you did, typically for that I'd expect context to be a pointer ie
I've just landed this with a test and modified your code slightly.
I got rid of have_context by using a pointer to the http context that is NULL when there is no context. Also I renamed it as http_context so it is not accidentally confused in the future with the SASL/md5 version of context of the function in the same file. Further, I moved the MakeSignature block to before a new context is created so that if MakeSignature fails we delete the context and fall back on creating a new context. Your code is otherwise the same. So basically it is this now:
@jay I am not sure this Curl_safefree() is ok:
resp = malloc(output_token_len + 1);
I think if the context is ok it should be kept for the subsequent invocations.