Commits on Jul 20, 2023

1. Per RFC 7616, use the provided Response algorithm in the Request …

   For digest authentication, in RFC 7616 section "3.4 The Authorization
   Header Field":
   
       The values of the opaque and algorithm fields must be those supplied
       in the WWW-Authenticate response header field for the entity being
       requested.
   
   This commit honors that rule, and removes the previous behavior that
   augmented the request header with "algorithm=MD5" when none was provided
   in the server's response.
   
   Aside from the specification, it also stands to reason that if the
   server failed to provide "algorithm=..." in its "WWW-Authenticate"
   header, the server should be fine with the client failing to provide
   "algorithm=..." in the "Authorization" header.
   
   The motivation for this change is that including "algorithm=MD5" in the
   "Authorization" header causes http requests to fail when made to an
   embedded system, which I suspect to be a an Espressif ESP32 web server.

   

   jvasileff committed Jul 20, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 26eea08
   • Browse repository at this point

   Copy the full SHA

   26eea08 View commit details

   Browse the repository at this point in the history

2. Test for presence of "algorithm" in digest authentication …

   algorithm should be present in the Authentication header if and only if
   it is present in the challenge

   

   jvasileff committed Jul 20, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 8187208
   • Browse repository at this point

   Copy the full SHA

   8187208 View commit details

   Browse the repository at this point in the history