Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

digest: fix missing increment of 'nc' value for auth-int #9090

Closed
wants to merge 1 commit into from

Conversation

Karlson2k
Copy link
Contributor

@Karlson2k Karlson2k commented Jul 3, 2022

nc must be incremented each time when nc is used.
See RFC7616 (and RFC2617).

@jay
Copy link
Member

jay commented Jul 4, 2022

nc must be incremented each time when nc is used.

nc isn't used if qop isn't used so the existing code appears to be correct. If you are referring the latest RFC requiring qop you can see that libcurl has some legacy compatibility and can operate without qop (and therefore nc). Sorry but I just don't see this as an improvement, IMO it's clearer as is.

@jay
Copy link
Member

jay commented Jul 4, 2022

Oops I missed your title... you are right the increment is missing for auth-int. I think in that case it could still be handled in the if block for qop.

nc must be incremented each time when nc is used.
@Karlson2k
Copy link
Contributor Author

Karlson2k commented Jul 4, 2022

Oops I missed your title... you are right the increment is missing for auth-int. I think in that case it could still be handled in the if block for qop.

The additional idea was to use nc as an indication of nonce used at least one time, but this could be handled in another commit.

I know that digest HTTP auth is defined by RFC 7616, RFC 2617, and (old, deprecated, but still supported) RFC 2069.

@Karlson2k
Copy link
Contributor Author

Karlson2k commented Jul 5, 2022

Let me know if it needs any further improvements.

@jay jay closed this in 647ed7c Jul 6, 2022
@jay
Copy link
Member

jay commented Jul 6, 2022

Thanks

@Karlson2k Karlson2k deleted the digest_auth_fix_03 branch Jul 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants