[XrdHttp] Wrong checksum picked if weighted checksum passed by the user

[ccaffy]

When the server has two checksums configured xrootd.cksum crc32 adler32, if they
give the "Want-Digest" header value sha-512,sha-256;q=0.8,sha;q=0.6,md5;q=0.4,adler32;q=0.2,
the first configured checksum will be returned.

This is due to the string comparison to choose the checksum algorithm to run that does not take into account the weight ";q=xx" that can be given by the user.

[xrootd-dev]

Well, that's not what is reported. The adler32 is buried in the string and it is simply ignored. So, I don't understand the comment here. As far as I can tell it is totally legitimate to ignore the weight values.

…

On Tue, 7 Mar 2023, ccaffy wrote: When the server has two checksums configured `xrootd.cksum crc32 adler32`, if they give the "Want-Digest" header value `sha-512,sha-256;q=0.8,sha;q=0.6,md5;q=0.4,adler32;q=0.2`, the first configured checksum will be returned. This is due to the string comparison to choose the checksum algorithm to run that does not take into account the weight ";q=xx" that can be given by the user. -- Reply to this email directly or view it on GitHub: #1944 You are receiving this because you are subscribed to this thread. Message ID: ***@***.***> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1

[ccaffy]

That's what I found when I tried to put this weighted-checksum want-digest value.

$ cat xrd_http.cfg | grep chksum
xrootd.chksum crc32 adler32

[xrootddev@xrootd-ccaffy-dev01 http_server_certificate_tests]$ curl -I -H "Want-Digest: sha-512,sha-256;q=0.8,sha;q=0.6,md5;q=0.4,adler32;q=0.2"  -L https://xrootd-ccaffy-dev01.cern.ch:1096/tmp/bigfile_5M_copy
HTTP/1.1 200 OK
Connection: Keep-Alive
Server: XrootD/v5.2.0-99-osghotfix...687
Content-Length: 15
Digest: crc32=06c3f8e8

I asked the adler32 checksum in the list, but you see, I get a CRC32 one because it is the first configured in the server config list.

That's because the algorithm looking for the checksum to run from the user list does strict string comparison --> no algorithm is found and the first configured one is computed.

With my new fix that discards the ;q=xx (not pushed yet), it works as expected:

[xrootddev@xrootd-ccaffy-dev01 http_server_certificate_tests]$ curl -I -H "Want-Digest: sha-512,sha-256;q=0.8,sha;q=0.6,md5;q=0.4,adler32;q=0.2"  -L https://xrootd-ccaffy-dev01.cern.ch:1096/tmp/bigfile_5M_copy
HTTP/1.1 200 OK
Connection: Keep-Alive
Server: XrootD/v5.2.0-99-osghotfix...687
Content-Length: 15
Digest: adler32=2204040b
Accept-Ranges: byte