Skip Menu |

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 20889
Status: resolved
Priority: 0/
Queue: libwww-perl

Owner: Nobody in particular
Requestors: perl [...]

Bug Information
Severity: Critical
Broken in: 5.805
Fixed in: (no value)

Subject: Error in Authentication Digest Implementation
Download (untitled) / with headers
text/plain 821b
Hi, RFC 2617 says to calculate the digest of the body only if the auth-int is set in the qop option. The current version of LWP::Authen::Digest just ignores this and caculates the digest always when the method is POST or PUT. The following lines will fix it: my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque); @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5"); # changes start here my $auth_qop = $auth_param->{qop} || ""; if ($auth_qop eq "auth") { @resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc); } my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response); if($request->method =~ /^(?:POST|PUT)$/ && $auth_qop eq 'auth- int' ) { # changes end here $md5->add($request->content); my $content = $md5->hexdigest; HTH esskar

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to