aboutsummaryrefslogtreecommitdiff
path: root/lib/http_digest.c
AgeCommit message (Collapse)Author
2009-05-10- Andre Guibert de Bruet correctly pointed out an over-alloc with one wastedDaniel Stenberg
byte in the digest code.
2009-04-21libcurl's memory.h renamed to curl_memory.hYang Tse
2009-02-28fix compiler warningYang Tse
2009-01-26- Alexey Borzov filed bug report #2535504Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with quoted quotation marks in HTTP Digest headers didn't work. I've now added test case 1095 that verifies my fix.
2008-12-10- Internet Explorer had a broken HTTP digest authentication before v7 andDaniel Stenberg
there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-11-26narrow the comment to < 80 columnsDaniel Stenberg
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-16Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper functionDaniel Stenberg
used in strequal.c so now all test cases run fine for me again.
2008-10-15- Pascal Terjan filed bug #2154627Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' isn't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insentive comparisons for english-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected.
2008-09-25- Fixed the HTTP Digest auth code to not behave badly when getting a blank realmDaniel Stenberg
with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435
2008-09-06remove unnecessary typecasting of malloc()Yang Tse
2008-09-06remove unnecessary typecasting of realloc()Yang Tse
2008-09-04fix print formatting string directivesYang Tse
2008-09-02Made some variables const which eliminated some castsDan Fandrich
2008-08-17libcurl internal base64.h header file renamed to curl_base64.hYang Tse
2008-08-17libcurl internal md5.h header file renamed to curl_md5.hYang Tse
2008-01-10Nikitinskit Dmitriy filed bug report #1868255Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies and fixes a problem with parsing WWW-Authenticate: headers with additional spaces in the line that the parser wasn't written to deal with.
2007-11-29A bug report on the curl-library list showed a HTTP Digest session going onDaniel Stenberg
with a 700+ letter nonce. Previously libcurl only support 127 letter ones and now I bumped it to 1023.
2007-11-07if () => if()Daniel Stenberg
while () => while() and some other minor re-indentings
2007-08-27Fixed some minor type mismatches and missing consts mainly found by splint.Dan Fandrich
2007-07-22HTTP Digest auth fix on a re-used connectionDaniel Stenberg
2007-02-26Jose Kahan pointed out a Digest server that provided the algorith last in theDaniel Stenberg
header line without quotes and with a CRLF immediately following...
2007-01-14- David McCreedy provided libcurl changes for doing HTTP communication onDaniel Stenberg
non-ASCII platforms. It does add some complexity, most notably with more #ifdefs, but I want to see this supported added and I can't see how we can add it without the extra stuff added.
2007-01-03- David McCreedy made changes to allow base64 encoding/decoding to work onDaniel Stenberg
non-ASCII platforms.
2006-10-17Avoid typecasting a signed char to an int when using is*() functions, as thatDaniel Stenberg
could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
2006-05-25Olaf Stüben fixed a bug that caused Digest authentication with md5-sess toDaniel Stenberg
fail. When using the md5-sess, the result was not Md5 encoded and Base64 transformed.
2004-11-12Dan Fandrich added the --disable-crypto-auth option to configure to allowDaniel Stenberg
libcurl to build without Digest support. (I figure it should also explicitly disable Negotiate and NTLM.)
2004-10-06removed tabs and trailing whitespace from sourceDaniel Stenberg
2004-07-31Joel Chen reported that we assumed content within quotes a bit too much inDaniel Stenberg
the digest code. This fixes it.
2004-06-24Replaced all uses of sprintf() with the safer snprintf(). It is just aDaniel Stenberg
precaution to prevent mistakes to lead to buffer overflows.
2004-06-03Vincent Bronner made the code use the correct user name + password whenDaniel Stenberg
doing proxy authentication.
2004-05-13return CURLDIGEST_NOMEM when a memory function fails to deliverDaniel Stenberg
2004-05-12Check that memory functions return non-NULL or return error.Daniel Stenberg
2004-05-11curl_global_init_mem() allows the memory functions to be replaced.Daniel Stenberg
memory.h is included everywhere for this.
2004-05-10Luca fixed the nc= in the digest line since it apparantly should not haveDaniel Stenberg
quotes...
2004-05-06use %ld to printf now.tv_secDaniel Stenberg
2004-05-04General HTTP authentication cleanup and fixesDaniel Stenberg
2004-04-30oops, a bad strtok() was fixed by LucaDaniel Stenberg
2004-04-29Luca Altea's major HTTP Digest updateDaniel Stenberg
2004-03-31added include to fix warningDaniel Stenberg
2004-03-31* Fixed a memory leak when doing repeated re-negotiations.Daniel Stenberg
* Made the incoming line parser more forgiving to allow "name=contents" pairs where the contents isn't within double quotes. * Made the digest code return CURLDIGEST_BADALGO if a requested algorithm isn't supported by the code.
2004-03-30first attempt to support stale=trueDaniel Stenberg
2004-03-08size_t/int fixDaniel Stenberg
2004-01-07updated year in the copyright stringDaniel Stenberg
2003-09-02wrap at 80 colsDaniel Stenberg
2003-07-19Access the user and passwd fields from the connectdata struct now insteadDaniel Stenberg
of the sessionhandle struct, as that was not good.
2003-06-26use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditionsDaniel Stenberg
2003-05-22Better Digest stuffDaniel Stenberg
2003-05-22hush the compilerDaniel Stenberg
2003-05-22Initial Digest support. At least partly working.Daniel Stenberg