From 8342b6e1dc3fde9e91a75c349f2c9514b902d127 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 11 May 2014 15:03:16 +0100 Subject: sasl: Fixed missing qop in the client's challenge-response message Whilst the qop directive isn't required to be present in a client's response, as servers should assume a qop of "auth" if it isn't specified, some may return authentication failure if it is missing. --- lib/curl_sasl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/curl_sasl.c') diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index d877eff6f..8a6b52217 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -533,9 +533,11 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Generate the response */ response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\"," - "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s", + "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s," + "qop=%s", userp, realm, nonce, - cnonce, nonceCount, uri, resp_hash_hex); + cnonce, nonceCount, uri, resp_hash_hex, + qop); if(!response) return CURLE_OUT_OF_MEMORY; -- cgit v1.2.3