path: root/lib/http_digest.c
Age | Commit message | Author
2012-12-28 | build: make use of 76 lib/*.h renamed files | Yang Tse
76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
2012-11-12 | Digest: Add microseconds into nonce calculation | Gabriel Sjoberg
When using only 1 second precision, curl doesn't create new cnonce values quickly enough for all uses. For example, issuing the following command multiple times to a recent Tomcat causes authentication failures: curl --digest -utest:test http://tomcat.test.com:8080/manager/list This is because curl uses the same cnonce for several seconds, but doesn't increment the nonce counter. Tomcat correctly interprets this as a replay attack and rejects the request. When microsecond-precision is available, this commit causes curl to change cnonce values much more frequently. With microsecond resolution, increasing the nonce length used in the headers to 32 was made to further reduce the risk of duplication.
2012-07-21 | Client's "qop" value should not be quoted (RFC2617, section 3.2.2). | Anton Yabchinskiy
2012-03-22 | fix several compiler warnings | Yang Tse
2011-08-24 | base64: fix Curl_base64_encode and Curl_base64_decode interfaces | Yang Tse
Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
2011-07-26 | stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h | Yang Tse
2011-06-03 | digest_cleanup_one: made private | Daniel Stenberg
2011-04-27 | source cleanup: unify look, style and indent levels | Daniel Stenberg
By the use of the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-20 | CURL_DOES_CONVERSIONS: cleanup | Daniel Stenberg
Massively reduce #ifdefs all over (23 #ifdef lines less so far). Moved conversion-specific code to non-ascii.c
2010-11-08 | fix compiler warning | Yang Tse
2010-09-12 | digest: make it clear the condition is always true | Daniel Stenberg
2010-03-24 | remove the CVSish $Id$ lines | Daniel Stenberg
2009-05-22 | Removed some obsolete digest code that caused a valgrind error in test 551. | Dan Fandrich
2009-05-10 | - Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted | Daniel Stenberg
byte in the digest code.
2009-04-21 | libcurl's memory.h renamed to curl_memory.h | Yang Tse
2009-02-28 | fix compiler warning | Yang Tse
2009-01-26 | - Alexey Borzov filed bug report #2535504 | Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with quoted quotation marks in HTTP Digest headers didn't work. I've now added test case 1095 that verifies my fix.
2008-12-10 | - Internet Explorer had a broken HTTP digest authentication before v7 and | Daniel Stenberg
there are servers "out there" that rely on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-11-26 | narrow the comment to < 80 columns | Daniel Stenberg
2008-10-23 | moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_ | Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-16 | Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function | Daniel Stenberg
used in strequal.c so now all test cases run fine for me again.
2008-10-15 | - Pascal Terjan filed bug #2154627 | Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' aren't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insensitive comparisons for English-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected.
2008-09-25 | - Fixed the HTTP Digest auth code to not behave badly when getting a blank realm | Daniel Stenberg
with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435
2008-09-06 | remove unnecessary typecasting of malloc() | Yang Tse
2008-09-06 | remove unnecessary typecasting of realloc() | Yang Tse
2008-09-04 | fix print formatting string directives | Yang Tse
2008-09-02 | Made some variables const which eliminated some casts | Dan Fandrich
2008-08-17 | libcurl internal base64.h header file renamed to curl_base64.h | Yang Tse
2008-08-17 | libcurl internal md5.h header file renamed to curl_md5.h | Yang Tse
2008-01-10 | Nikitinskit Dmitriy filed bug report #1868255 | Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies and fixes a problem with parsing WWW-Authenticate: headers with additional spaces in the line that the parser wasn't written to deal with.
2007-11-29 | A bug report on the curl-library list showed a HTTP Digest session going on | Daniel Stenberg
with a 700+ letter nonce. Previously libcurl only supported 127 letter ones and now I bumped it to 1023.
2007-11-07 | if () => if() | Daniel Stenberg
while () => while() and some other minor re-indentings
2007-08-27 | Fixed some minor type mismatches and missing consts mainly found by splint. | Dan Fandrich
2007-07-22 | HTTP Digest auth fix on a re-used connection | Daniel Stenberg
2007-02-26 | Jose Kahan pointed out a Digest server that provided the algorithm last in the | Daniel Stenberg
header line without quotes and with a CRLF immediately following...
2007-01-14 | - David McCreedy provided libcurl changes for doing HTTP communication on | Daniel Stenberg
non-ASCII platforms. It does add some complexity, most notably with more #ifdefs, but I want to see this support added and I can't see how we can add it without the extra stuff added.
2007-01-03 | - David McCreedy made changes to allow base64 encoding/decoding to work on | Daniel Stenberg
non-ASCII platforms.
2006-10-17 | Avoid typecasting a signed char to an int when using is*() functions, as that | Daniel Stenberg
could very well cause a negative number to get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
2006-05-25 | Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to | Daniel Stenberg
fail. When using the md5-sess, the result was not Md5 encoded and Base64 transformed.
2004-11-12 | Dan Fandrich added the --disable-crypto-auth option to configure to allow | Daniel Stenberg
libcurl to build without Digest support. (I figure it should also explicitly disable Negotiate and NTLM.)
2004-10-06 | removed tabs and trailing whitespace from source | Daniel Stenberg
2004-07-31 | Joel Chen reported that we assumed content within quotes a bit too much in | Daniel Stenberg
the digest code. This fixes it.
2004-06-24 | Replaced all uses of sprintf() with the safer snprintf(). It is just a | Daniel Stenberg
precaution to prevent mistakes to lead to buffer overflows.
2004-06-03 | Vincent Bronner made the code use the correct user name + password when | Daniel Stenberg
doing proxy authentication.
2004-05-13 | return CURLDIGEST_NOMEM when a memory function fails to deliver | Daniel Stenberg
2004-05-12 | Check that memory functions return non-NULL or return error. | Daniel Stenberg
2004-05-11 | curl_global_init_mem() allows the memory functions to be replaced. | Daniel Stenberg
memory.h is included everywhere for this.
2004-05-10 | Luca fixed the nc= in the digest line since it apparently should not have | Daniel Stenberg
quotes...
2004-05-06 | use %ld to printf now.tv_sec | Daniel Stenberg
2004-05-04 | General HTTP authentication cleanup and fixes | Daniel Stenberg