[HTTP] patch for HTTP digest auth with unquoted values

Ganesh Sittampalam ganesh at earth.li
Wed Jan 4 06:52:24 GMT 2012

Hi William,

On 03/01/2012 12:07, William Waites wrote:

> I've run into a problem with the HTTP digest authentication where the
> server sends a challenge that looks something like,
>     ... algorithm=MD5
> i.e. without quotes around the MD5. I believe this is correct and
> allowed. I've patched the HTTP library to allow this, please find
> attached.

Thanks for the patch!

Before applying this to HTTP, I'd like
(a) a test added to test/httpTests.hs
(b) a reference for why it's ok, e.g. a reference to the RFC and/or
details of what server sends this

I generally batch up HTTP changes and do this kind of thing in a burst
every so often, but if you do it that might speed things up :-)



More information about the HTTP mailing list