Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 24711
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: oliviert [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 5.805
Fixed in: (no value)



Subject: LWP should recalculate digest auth after redirects
Download (untitled) / with headers
text/plain 1.2k
Scenario 1) client requests / on secure.example.org port 80 2) server replies HTTP/1.1 301 Moved Permanently Location: http://secure.example/Team 3) client request /Team 4) server replies with 401 challenge (digest auth) 5) client requests /Team again, with auth 6) server replies HTTP/1.1 301 Moved Permanently Location: http://secure.example/Team/ 7) client requests /Team/, with same auth headers However, the digest authentication response is calculated based (among other things) on the requested URI, so the response for /Team and /Team/ are different. Running % GET -uUsSx http://secure.example.org/Team returns [...] GET http://secure.example.org/Team/ Authorization: Digest username="myusername", realm="REALMNAME", qop="auth", algorithm="MD5", uri="/Team", nonce=[...] and so... 8) server say "thanks, but no thanks". 400 Bad Request logs say: [Mon Jan 22 01:16:12 2007] [error] [client 133.27.228.213] Digest: uri mismatch - </Team> does not match request-uri </Team/> LWP (and, I suppose, LWP::Authen::Digest) should calculate the digest based on the new URI after a redirect. Show quoted text
---- System info ---- LWP 5.805 perl v5.8.6 built for darwin-thread-multi-2level Darwin 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006; root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.