From feba3f0549af546677ee2d924344234fd91b8f50 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Bigourdan Date: Thu, 6 Feb 2020 15:43:06 +0000 Subject: digest: Do not quote algorithm in HTTP authorisation RFC 7616 section 3.4 (The Authorization Header Field) states that "For historical reasons, a sender MUST NOT generate the quoted string syntax for the following parameters: algorithm, qop, and nc". This removes the quoting for the algorithm parameter. Reviewed-by: Steve Holme Closes #4890 --- lib/vauth/digest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/vauth') diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index 8cd4d83ed..4d3839d90 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -899,7 +899,7 @@ static CURLcode _Curl_auth_create_digest_http_message( if(digest->algorithm) { /* Append the algorithm */ - tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm); + tmp = aprintf("%s, algorithm=%s", response, digest->algorithm); free(response); if(!tmp) return CURLE_OUT_OF_MEMORY; -- cgit v1.2.3